- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Team,
We could pull day with date_wday - i tried few ways iam unable to display day along with date . Can you pls help on this.
index=XXX source=*abc.log
| rex field=_raw "- (?<uc>U(\d{8})) "
| rex "[^\w](?<JOB>(?<env>[A-Z0-9@_#]+)\.[A-Z0-9@_#]+\.[A-Z0-9@_#]+\.(?<app>[A-Z0-9@_#]+\.[A-Z0-9@_#]+)\.[A-Z0-9@_#]+)"
| search env=* app=* JOB=*** uc=*U00000001*
| eval date=strftime(_time,"%d-%m-%Y")
| stats count by date,JOB
| xyseries JOB,date,count| addtotals row=true
| sort - "Total"
| JOB | 14-12-2020 | 15-12-2020 | 16-12-2020 | 17-12-2020 | 18-12-2020 | 19-12-2020 | 20-12-2020 | 21-12-2020 | Total |
| JOB1 | 1 | 1 | 2 | 1 | 2 | 7 | |||
| JOB2 | 2 | 2 | 1 | 1 | 6 | ||||
| JOB3 | 1 | 1 | 1 | 1 | 1 | 1 | 6 |
Iam looking for output where i could display day along with date
| JOB | 11/12/2020(Friday) | 12/12/2020(Saturday) | 13-12-2020(Sunday) | 14-12-2020(Monday) | 15-12-2020(Tuesday) | 16-12-2020(Wednesday) | 17-12-2020(Thrusday) | 18-12-2020(Friday) | Total |
| Job1 | 8 | 10 | 18 | ||||||
| Job2 | 1 | 1 |
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Below can help..
index=_internal | convert timeformat="%d-%m-%y(%A)" ctime(_time) AS c_time | stats count by c_time sourcetype |xyseries sourcetype c_time count | addtotals row=true
| sort - "Total"
----------------------
An upvote would be appreciated if the above reply is useful to you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Below can help..
index=_internal | convert timeformat="%d-%m-%y(%A)" ctime(_time) AS c_time | stats count by c_time sourcetype |xyseries sourcetype c_time count | addtotals row=true
| sort - "Total"
----------------------
An upvote would be appreciated if the above reply is useful to you.
