Solved: How to display Date along with day

harsush · ‎12-21-2020

Hi Team,

We could pull day with date_wday - i tried few ways iam unable to display day along with date . Can you pls help on this.

index=XXX source=*abc.log
| rex field=_raw "- (?<uc>U(\d{8})) "
| rex "[^\w](?<JOB>(?<env>[A-Z0-9@_#]+)\.[A-Z0-9@_#]+\.[A-Z0-9@_#]+\.(?<app>[A-Z0-9@_#]+\.[A-Z0-9@_#]+)\.[A-Z0-9@_#]+)"
| search env=* app=* JOB=*** uc=*U00000001*
| eval date=strftime(_time,"%d-%m-%Y")
| stats count by date,JOB
| xyseries JOB,date,count| addtotals row=true
| sort - "Total"

JOB	14-12-2020	15-12-2020	16-12-2020	17-12-2020	18-12-2020	19-12-2020	20-12-2020	21-12-2020	Total
JOB1	1	1	2	1	2				7
JOB2		2	2	1	1				6
JOB3	1	1	1	1	1			1	6

Iam looking for output where i could display day along with date

JOB	11/12/2020(Friday)	12/12/2020(Saturday)	13-12-2020(Sunday)	14-12-2020(Monday)	15-12-2020(Tuesday)	16-12-2020(Wednesday)	17-12-2020(Thrusday)	18-12-2020(Friday)	Total
Job1		8	10						18
Job2	1	1

saravanan90 · ‎12-21-2020

Below can help..

----------------------

An upvote would be appreciated if the above reply is useful to you.

View solution in original post

saravanan90 · ‎12-21-2020

Below can help..

----------------------

An upvote would be appreciated if the above reply is useful to you.

How to display Date along with day

chart

count

eval

fields

stats

table

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Are you a member of the Splunk Community?

How to display Date along with day