Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to fetch the best business week-day for month ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to fetch the best business week-day for month of September ?
rajakabdual
New Member
04-16-2018
12:41 PM
Please help me with my search:
index=sales sourcetype=csv source= sales_new.csv
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmaron
Motivator
04-17-2018
05:51 AM
index=sales sourcetype=csv source= sales_new.csv date_month=september date_wday IN ("monday", "tuesday", "wednesday", "thursday", "friday")
| stats sum(sales) as dailysales by date_mday
| sort - dailysales limit=1
This will give you one single day with the most sales that is a weekday.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
TISKAR
Builder
04-17-2018
01:49 AM
Hello,
And if you try this,
index=sales sourcetype=csv source= sales_new.csv date_month=september
| timechart span=1d count
Best
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
deepashri_123
Motivator
04-17-2018
12:25 AM
Hey rajakabdual,
Can u try the following query:
index=sales sourcetype=csv source= sales_new.csv earliest=-1mon@mon
| timechart span=1d count
Let me know if this helps!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
04-16-2018
01:46 PM
When you do say a business day is "best"? Any specific field that you sum/count?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
skoelpin
SplunkTrust
04-16-2018
01:43 PM
Assuming you want the highest count per day over a month period. Try this
index=sales sourcetype=csv source= sales_new.csv
| timechart span=1d count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rajakabdual
New Member
04-16-2018
11:28 PM
Hi skoelpin, thanks for answering but my query is i need only September month business weekdays only
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
adonio
Ultra Champion
04-16-2018
01:36 PM
please share some more love so we can better assist you
do you have time fields? a little sample data will help
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rajakabdual
New Member
04-16-2018
11:23 PM
yes adonio, here some of my time fields are date_wday ,date_month
Get Updates on the Splunk Community!
Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...
Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...
Splunk Observability for AI
Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...
🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler
From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0
mTLS wasn’t just a checkbox ...
