Solved: Month to date for previous month with current mont...

prakashmca05 · ‎06-01-2020

Hi,

I have to extract the sum of particular search output from my query and the same needs to be compared with previous month to date.
For example, consider today is June 15th, and i have the sum as 150000 for last 15 days, and now i would like to get the same sum for previous month, ie., till May 1-15th using the same query. Could someone suggest on this.

I have tried the eval epoch30days_ago=relative_time(now(), "-28d@d" ), but this is not giving the accurate data.

Thanks

wmyersas · ‎06-01-2020

Per https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/SearchTimeModifiers, try something like this:

index=ndx sourcetype=srctp earliest=-1mon@mon latest=-30d@d

View solution in original post

wmyersas · ‎06-01-2020

Per https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/SearchTimeModifiers, try something like this:

index=ndx sourcetype=srctp earliest=-1mon@mon latest=-30d@d

prakashmca05 · ‎06-04-2020

It works with slight modification as below.

-1mon@mon
-30d@day

wmyersas · ‎06-04-2020

you're right! put the @ in the wrong spot 🙂

Month to date for previous month with current month date

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Month to date for previous month with current month date

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!