Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is timewrap an official SPL command in Splunk 6.5?

rjthibod
Champion
‎10-26-2016 03:53 AM

I noticed that timewrap came up as suggested SPL command in a Splunk 6.5 search box (see attachment). The command does seem to work. I do not have the timewrap app installed on this system.

Is timewrap officially part of the SPL lexicon in 6.5? If so, are people going to encounter significant problems if they have the timewrap installed on a Splunk 6.5 system?

alt text

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎10-26-2016 05:23 AM

Updated:

Yes, the timewrap command was added in 6.5. Documentation is here - http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/Timewrap

View solution in original post

Reply
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎10-26-2016 05:23 AM

Updated:

Yes, the timewrap command was added in 6.5. Documentation is here - http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/Timewrap

Reply
Solved! Jump to solution

skoelpin
SplunkTrust
SplunkTrust
‎10-26-2016 06:12 AM

Finally!!

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎10-26-2016 03:58 AM

It's an app that has been around for a while.

The following says Timewrap

-- This small app gives you a new, convenient search command called "timewrap" that does it all, for arbitrary time periods. Compare week-over-week, day-over-day, month-over-month, quarter-over-quarter, year-over-year, or any multiple (e.g. two week periods over two week periods).

-- Just add "| timewrap w" after a 'timechart' command, and compare week-over-week. Or use 'h' (hour), 'w' (week), 'm' (month), 'q' (quarter), 'y' (year).

0 Karma
Reply
Solved! Jump to solution

rjthibod
Champion
‎10-26-2016 04:01 AM

I downvoted this post because i am sorry, but you must have missed the part of my post that says i do not have the app installed and this suggestions still comes up. this is a clean 6.5 test box.

Reply
Solved! Jump to solution

cmerriman
Super Champion
‎10-26-2016 05:07 AM

Timewrap doesn't have a doc page in the Splunk Docs, so it's likely that you'll need the app in order to use the command. If the app is installed correctly, I don't think people will see problems with the command.

0 Karma
Reply
Solved! Jump to solution

rjthibod
Champion
‎10-26-2016 05:09 AM

I am sorry @cmerriman, but I do not have the app.

It looks like it is part of 6.5. Response from official Splunk is forthcoming.

You can find info for timewrap in searchbnf.conf in the Splunk 6.5 files.

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...