Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to include month name in streamstats as?

dvg06
Path Finder
‎04-16-2023 06:09 PM

Hi Legends

How do I give bit more meaningful names for fields last_sum and first_sum in below query?

i.e. something like sum_February and sum_March? 

Is there a way to use the value of date_month field in a search? 

streamstats current=f window=1 last(sum) as last_sum  first(sum) as first_sum

Labels (1)
Labels
Reply

yeahnah
Motivator
‎04-16-2023 06:55 PM

Hi @dvg06 

Assuming you want something dynamic, then this run anywhere example shows a method to use...

| makeresults | eval last_sum="100", first_sum="200"
| eval current_month=strftime(now(), "%B"), previous_month=strftime(relative_time(now(), "-1month@month"), "%B")
      ,last_{current_month}=last_sum, first_{previous_month}=first_sum
| table last* first*

Hope that helps

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...