Splunk Search
Highlighted

How to write a search to find stats for a specific time range based on the day of the week?

Path Finder

Hi,

How do I get the stats for the last week/month for different time frames based on the day of the week?

Monday to Saturday 10:00 AM - 9:00 PM
Sunday 12:00 PM - 8:00 PM

Thanks.

0 Karma
Highlighted

Re: How to write a search to find stats for a specific time range based on the day of the week?

Path Finder

You should be able to do this with a 'where' clause and the datewday/datehour fields like this:

search sourcetype=bob | where (date_hour>=10 AND date_hour<21 AND date_wday!="sunday") OR (date_hour>=12 AND date_hour<20 AND date_wday=="sunday")

View solution in original post

0 Karma
Highlighted

Re: How to write a search to find stats for a specific time range based on the day of the week?

Path Finder

Thanks that worked:)

0 Karma
Highlighted

Re: How to write a search to find stats for a specific time range based on the day of the week?

SplunkTrust
SplunkTrust

Try something like this

If datehour and datewday fields are available in your events

index=foo sourcetype=bar  (date_wday=sunday AND date_hour>=12 date_hour<20 ) OR (date_wday!=sunday AND date_hour>=10 date_hour<21 ) 

If they are not

 index=foo sourcetype=bar | eval date_wday=lower(strftime(_time,"%A")) | eval date_hour=tonumber(strftime(_time,"%H")) | where  (date_wday=sunday AND date_hour>=12 date_hour<20 ) OR (date_wday!=sunday AND date_hour>=10 date_hour<21 ) 
Highlighted

Re: How to write a search to find stats for a specific time range based on the day of the week?

Path Finder

I've datehour and datewday fields. Thanks for your time.

0 Karma