Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is timewrap an official SPL command in Splunk 6.5?

rjthibod
Champion
‎10-26-2016 03:53 AM

I noticed that timewrap came up as suggested SPL command in a Splunk 6.5 search box (see attachment). The command does seem to work. I do not have the timewrap app installed on this system.

Is timewrap officially part of the SPL lexicon in 6.5? If so, are people going to encounter significant problems if they have the timewrap installed on a Splunk 6.5 system?

alt text

Preview file
21 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎10-26-2016 05:23 AM

Updated:

Yes, the timewrap command was added in 6.5. Documentation is here - http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/Timewrap

View solution in original post

Reply
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎10-26-2016 05:23 AM

Updated:

Yes, the timewrap command was added in 6.5. Documentation is here - http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/Timewrap

Reply
Solved! Jump to solution

skoelpin
SplunkTrust
SplunkTrust
‎10-26-2016 06:12 AM

Finally!!

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎10-26-2016 03:58 AM

It's an app that has been around for a while.

The following says Timewrap

-- This small app gives you a new, convenient search command called "timewrap" that does it all, for arbitrary time periods. Compare week-over-week, day-over-day, month-over-month, quarter-over-quarter, year-over-year, or any multiple (e.g. two week periods over two week periods).

-- Just add "| timewrap w" after a 'timechart' command, and compare week-over-week. Or use 'h' (hour), 'w' (week), 'm' (month), 'q' (quarter), 'y' (year).

0 Karma
Reply
Solved! Jump to solution

rjthibod
Champion
‎10-26-2016 04:01 AM

I downvoted this post because i am sorry, but you must have missed the part of my post that says i do not have the app installed and this suggestions still comes up. this is a clean 6.5 test box.

Reply
Solved! Jump to solution

cmerriman
Super Champion
‎10-26-2016 05:07 AM

Timewrap doesn't have a doc page in the Splunk Docs, so it's likely that you'll need the app in order to use the command. If the app is installed correctly, I don't think people will see problems with the command.

0 Karma
Reply
Solved! Jump to solution

rjthibod
Champion
‎10-26-2016 05:09 AM

I am sorry @cmerriman, but I do not have the app.

It looks like it is part of 6.5. Response from official Splunk is forthcoming.

You can find info for timewrap in searchbnf.conf in the Splunk 6.5 files.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...