Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to subtract one week from the current week in a report name?

VeloCiraptor
Observer
‎02-11-2022 04:32 AM

Hello everybody,

I have a report that is generated every week.

I want to name the title of the report with the previous week number.

I use the « action.email.reportFileName » field to choose the report generate name

For example :.

We are the 2022/02/11  which is 6th week of the year.

The report is scheduled today but I want to mention the W-1 week -> so the number 5.

I identified that with the variable %V I can dynamically generate the name of the report with the current week.

I'm looking for a trick to put the number of the past week

If someone has a solution please

Kind regards !

Labels (1)
Labels
Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎02-12-2022 11:35 AM

Something like this:

|makeresults
| eval report_day="2022/02/11"
| eval previous_report_day = strftime(relative_time(strptime(report_day, "%Y/%m/%d"), "-7days"), "%Y/%m/%d")
| eval report_week = strftime(strptime(report_day, "%Y/%m/%d"), "%u")
| eval previous_report_week = report_week - 1
0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎02-11-2022 06:04 PM

Like this?

| eval lastweek = tonumber(strftime(_time, "%V")) - 1
Tags (1)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-11-2022 10:15 PM

Might not work very well across the year's beginning.

Could use modulo 52 or offestting back one week before doing strftime.

Another possible issue - what about a week 53/0 (end of last year, beginning of current one) - how should it be counted?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...