Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to not display the weekend in a chart?

jip31
Motivator
‎11-15-2022 05:27 AM

hi

I want to not display the week end in my chart

for example, if i use a time picler range of 7 days, I just want to display Monday to Friday

I have to filter the events  with the time_wd like this but it is not really works because as you can see I have no results for saturday but I have results for sunday!

 

 

 

 

| search (time_h > 6 AND time_h <20) AND NOT (time_wd=6 OR time_wd=7)

 

 

 

 

 

jip31_0-1668518817618.png

could you help please?

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-16-2022 07:24 AM

Good.  We've eliminated Saturday and Sunday from the data.  As I said earlier, we have little control over the x-axis.  Splunk does not provide a way to skip days on the axis.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎11-15-2022 05:40 AM

The time_wd logic is incorrect.  Try this

| search (time_h > 6 AND time_h <20) AND NOT (time_wd=6 OR time_wd=7)
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎11-15-2022 07:29 AM

sorry it is what i have done but I put a wrong exaple, I have corrected it sorry

so even if I do your example, I have the problem related in the screenshot

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎11-15-2022 07:36 AM

Can you share the complete query, please (mask sensitive information)?  The problem appears to be outside this search command.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎11-15-2022 08:01 AM

Here is

`index_mes` (sourcetype=web_request OR sourcetype=web:request) web_domain=stmcpag 
| search (time_h > 6 AND time_h <20) AND NOT (time_wd=6 OR time_wd=7) 
| timechart span=1d avg(web_dur) as web_dur 
| eval "web_dur"=round('web_dur',0) 
| eventstats avg("web_dur") as Moyenne 
| eval Moyenne=round(Moyenne,0)
0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎11-15-2022 08:55 AM

Thank you.  As I suspected, the timechart command is filling in missing dates.  Use the cont option to prevent that.

`index_mes` (sourcetype=web_request OR sourcetype=web:request) web_domain=stmcpag 
| search (time_h > 6 AND time_h <20) AND NOT (time_wd=6 OR time_wd=7) 
| timechart cont=f span=1d avg(web_dur) as web_dur 
| eval "web_dur"=round('web_dur',0) 
| eventstats avg("web_dur") as Moyenne 
| eval Moyenne=round(Moyenne,0)

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎11-15-2022 10:15 PM

it changes nothing

here is my code

`index_mes
` (sourcetype=web_request OR sourcetype=web:request)  
| search (time_h > 6 AND time_h <20) AND NOT (time_wd=6 OR time_wd=7) 
| timechart span=1d cont=f avg(web_duration_ms) as web_duration_ms

and what is strange is that saturdy 12 Nov seems to be excluded of the search but not sunday

 

jip31_0-1668579176270.png

and what i really need is to not display saturday and sunday on the x axis

jip31_1-1668579296836.png

 

 

 

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎11-16-2022 06:28 AM

Saturday is gone now so that's progress.  It's curious that Sunday is being counted even though it's supposed to have been eliminated.  Have you verified the values of time_wd?  Could they be 0-1 rather than 1-7?

I believe the x-axis still may have Saturday and Sunday listed.  We have little control over what the axis looks like.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎11-16-2022 07:13 AM

time_wd go to 0 to 6 so 6 correspond to saturday and 0 correspond to sunday, sorry

but if I have an accurate look, even if I am doing time_wd=6 , I have a few events between 0 PM and 1h PM so it means that these events corrspond to sunday and not saturday

it's the same for all the other choices

so if i am doing this in my tumechart

 

| search (time_h > 6 AND time_h <20) AND NOT (time_wd=6 OR time_wd=0)

 

the bar chart are not displayed for saturday and sunday

jip31_0-1668611049844.png

But idealy I would like to be able to erase totaly saturday and sunday

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-16-2022 07:24 AM

Good.  We've eliminated Saturday and Sunday from the data.  As I said earlier, we have little control over the x-axis.  Splunk does not provide a way to skip days on the axis.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎11-16-2022 07:32 AM

 It's a shame but if it's not possible, too bad Thanks for your help

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎11-16-2022 07:38 AM

Consider making a case for skipping days at https://ideas.splunk.com

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...