Splunk Search

How to display Date along with day

harsush
Path Finder

Hi Team,

We could pull the day with date_wday - I tried a few ways, but I am unable to display the day along with the date. Can you please help with this?

index=XXX source=*abc.log
| rex field=_raw "- (?<uc>U(\d{8})) "
| rex "[^\w](?<JOB>(?<env>[A-Z0-9@_#]+)\.[A-Z0-9@_#]+\.[A-Z0-9@_#]+\.(?<app>[A-Z0-9@_#]+\.[A-Z0-9@_#]+)\.[A-Z0-9@_#]+)"
| search env=* app=* JOB=*** uc=*U00000001*
| eval date=strftime(_time,"%d-%m-%Y")
| stats count by date,JOB
| xyseries JOB,date,count| addtotals row=true
| sort - "Total"

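| JOB | 14-12-2020 | 15-12-2020 | 16-12-2020 | 17-12-2020 | 18-12-2020 | 19-12-2020 | 20-12-2020 | 21-12-2020 | Total |
|---|---|---|---|---|---|---|---|---|---|
| JOB1 | 1 | 1 | 2 | 1 | 2 | | | | 7 |
| JOB2 | | 2 | 2 | 1 | 1 | | | | 6 |
| JOB3 | 1 | 1 | 1 | 1 | 1 | | | 1 | 6 |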

 

I am looking for output where I could display the day along with the date.

 

| JOB | 11/12/2020(Friday) | 12/12/2020(Saturday) | 13-12-2020(Sunday) | 14-12-2020(Monday) | 15-12-2020(Tuesday) | 16-12-2020(Wednesday) | 17-12-2020(Thursday) | 18-12-2020(Friday) | Total |
|---|---|---|---|---|---|---|---|---|---|
| Job1 | | 8 | 10 | | | | | | 18 |
Job211
1 Solution

saravanan90
Contributor

Below can help..

index=_internal
| convert timeformat="%d-%m-%y(%A)" ctime(_time) AS c_time
| stats count by c_time sourcetype
| xyseries sourcetype c_time count
| addtotals row=true
| sort - "Total"

----------------------

An upvote would be appreciated if the above reply is useful to you.
