Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get results from last 1 week and last 3 week for the exact time frame of the search

achittela
Loves-to-Learn
‎07-13-2020 01:04 PM

I am new to Splunk, I am trying to get results in the below pattern. Any help is appreciated.

Lets say I am doing search for last 1 hour. I want to get only the results from last week and last 3 weeks and show the average of those.

For example I am doing search at 11 AM today for last 1 hour time frame. I want to get the results of  only 10 -11 AM every day of last 1 week and 10 - 11 AM of last 3 weeks. And show the average of those.

I tried earliest and latest time ranges also tried time chart with the search but not successful. 

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-13-2020 01:52 PM

Here's a run-anywhere example.

index=_internal kbps=* earliest=-3w 
`comment("Get the current hour and day-of-week")`
| eval hour=strftime(now(), "%H"), day=lower(strftime(now(), "%A")) 
`comment("Discard events that don't have the current hour and day")`
| where (date_hour=hour AND date_wday=day) 
| timechart cont=f avg(kbps)
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

achittela
Loves-to-Learn
‎07-13-2020 02:06 PM

Thanks for replying me back. I tied with the below query, it didn't worked for me.

index=test_logs source_category=testapp* status=400 earliest=-3w
| eval hour=strftime(now(), "%H"), day=lower(strftime(now(), "%A"))
| where (date_hour=hour AND date_wday=day)
| timechart cont=f avg(source_category)

I want to show the statistics something like below.

source_category1weekAvg3weekAvg
testapp1109
testapp21512
0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...