Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to exclude weekends from last 30 days search ?

zacksoft
Contributor
‎05-18-2018 08:01 AM

My query essentially goes thru every event and picks a field with response_time. And then calculates the average value of it.
I need to do this search for last 30 days excluding weekends(saturday,sunday). But in the presets I don't see any option to exclude weekend. Need help for that.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

solarboyz1
Builder
‎05-18-2018 08:14 AM

Something like...
index=main date_wday!=saturday AND date_wday!=sunday

View solution in original post

Reply
Solved! Jump to solution
Solution

solarboyz1
Builder
‎05-18-2018 08:14 AM

Something like...
index=main date_wday!=saturday AND date_wday!=sunday

Reply
Solved! Jump to solution

peterfox1992
Explorer
‎03-24-2022 06:51 AM

Hi @solarboyz1 , How can I have this as a customized input button ?

 

0 Karma
Reply
Solved! Jump to solution

solarboyz1
Builder
‎03-24-2022 06:56 AM

You would need to create something like a checkbox on your form that says something like "Exclude Weekends" or "Week Days Only"

When that checkbox is selected, have it add the "date_wday!=saturday AND date_wday!=sunday"  to your base search. 

 

 

 

0 Karma
Reply
Solved! Jump to solution

peterfox1992
Explorer
‎03-24-2022 08:16 AM

@solarboyz1, Thanks for the reply.

Created input option like this. Working as expected but what I noticed is Tick mark is not changing when I select the other option; showing both buttons as Checked.  Any suggestions ?

<input type="checkbox" token="weekends" id="weekends">
<label>Weekend Option</label>
<choice value="| where NOT (date_wday=&quot;saturday&quot; OR date_wday=&quot;sunday&quot;)">Exclude Weekend</choice>
<choice value="">Include Weekend</choice>
<delimiter> </delimiter>
</input>

 

0 Karma
Reply
Solved! Jump to solution

solarboyz1
Builder
‎03-28-2022 05:49 AM

Tick mark is not changing when I select the other option

 

I'm going to infer that you are using the timechart to visualize the data, and the timechart still has weekends on the x axis.

I believe You will need to switch from timechart  to  using chart over _time 

Which should give you a chart without any weekends. 

 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...