Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Is timewrap an official SPL command in Splunk 6.5?

rjthibod
Champion
‎10-26-2016 03:53 AM

I noticed that timewrap came up as suggested SPL command in a Splunk 6.5 search box (see attachment). The command does seem to work. I do not have the timewrap app installed on this system.

Is timewrap officially part of the SPL lexicon in 6.5? If so, are people going to encounter significant problems if they have the timewrap installed on a Splunk 6.5 system?

alt text

Preview file
21 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎10-26-2016 05:23 AM

Updated:

Yes, the timewrap command was added in 6.5. Documentation is here - http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/Timewrap

View solution in original post

Reply
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎10-26-2016 05:23 AM

Updated:

Yes, the timewrap command was added in 6.5. Documentation is here - http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/Timewrap

Reply
Solved! Jump to solution

skoelpin
SplunkTrust
SplunkTrust
‎10-26-2016 06:12 AM

Finally!!

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎10-26-2016 03:58 AM

It's an app that has been around for a while.

The following says Timewrap

-- This small app gives you a new, convenient search command called "timewrap" that does it all, for arbitrary time periods. Compare week-over-week, day-over-day, month-over-month, quarter-over-quarter, year-over-year, or any multiple (e.g. two week periods over two week periods).

-- Just add "| timewrap w" after a 'timechart' command, and compare week-over-week. Or use 'h' (hour), 'w' (week), 'm' (month), 'q' (quarter), 'y' (year).

0 Karma
Reply
Solved! Jump to solution

rjthibod
Champion
‎10-26-2016 04:01 AM

I downvoted this post because i am sorry, but you must have missed the part of my post that says i do not have the app installed and this suggestions still comes up. this is a clean 6.5 test box.

Reply
Solved! Jump to solution

cmerriman
Super Champion
‎10-26-2016 05:07 AM

Timewrap doesn't have a doc page in the Splunk Docs, so it's likely that you'll need the app in order to use the command. If the app is installed correctly, I don't think people will see problems with the command.

0 Karma
Reply
Solved! Jump to solution

rjthibod
Champion
‎10-26-2016 05:09 AM

I am sorry @cmerriman, but I do not have the app.

It looks like it is part of 6.5. Response from official Splunk is forthcoming.

You can find info for timewrap in searchbnf.conf in the Splunk 6.5 files.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...