Splunk Search

How to display Date along with day

harsush
Path Finder

Hi Team,

We could pull day with date_wday - i tried few ways iam unable to display day along with date . Can you pls help on this.

index=XXX source=*abc.log
| rex field=_raw "- (?<uc>U(\d{8})) "
| rex "[^\w](?<JOB>(?<env>[A-Z0-9@_#]+)\.[A-Z0-9@_#]+\.[A-Z0-9@_#]+\.(?<app>[A-Z0-9@_#]+\.[A-Z0-9@_#]+)\.[A-Z0-9@_#]+)"
| search env=* app=* JOB=*** uc=*U00000001*
| eval date=strftime(_time,"%d-%m-%Y")
| stats count by date,JOB
| xyseries JOB,date,count| addtotals row=true
| sort - "Total"

JOB14-12-202015-12-202016-12-202017-12-202018-12-202019-12-202020-12-202021-12-2020Total
JOB111212   7
JOB2 2211   6
JOB311111  16

 

Iam looking for output where i could display day along with date 

 

JOB11/12/2020(Friday)12/12/2020(Saturday)13-12-2020(Sunday)14-12-2020(Monday)15-12-2020(Tuesday)16-12-2020(Wednesday)17-12-2020(Thrusday)18-12-2020(Friday)Total
Job1 810     18
Job211
Labels (6)
0 Karma
1 Solution

saravanan90
Contributor

Below can help..

index=_internal | convert timeformat="%d-%m-%y(%A)" ctime(_time) AS c_time | stats count by c_time sourcetype |xyseries sourcetype c_time count | addtotals row=true
| sort - "Total"

----------------------

An upvote would be appreciated if the above reply is useful to you.

View solution in original post

saravanan90
Contributor

Below can help..

index=_internal | convert timeformat="%d-%m-%y(%A)" ctime(_time) AS c_time | stats count by c_time sourcetype |xyseries sourcetype c_time count | addtotals row=true
| sort - "Total"

----------------------

An upvote would be appreciated if the above reply is useful to you.

Get Updates on the Splunk Community!

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...