Splunk Search

Search that combines last 7 days and year-to-date

jhackle13
New Member

My current search below pulls findings for current day and year-to-date starting 2/1/2021.  I need help with a way to pull for the previous business week and year-to-date starting 2/1/2021.  What adjustments can I make to the search below that will pull that?

index=overwatch-summary overwatch-vuln-type="*"
| where _time>strptime("2021/02/01 00:00:00","%Y/%m/%d %H:%M:%S")
| eval _time=if(_time < now()-86400, now()-86400, now())
| rex field=resource_id "subscriptions/(?<subscriptionId>[0-9a-fA-F\-]+)"
| lookup subscription_managed.csv subscriptionId OUTPUT managed
| fillnull value="Unmanaged" managed
| search managed=Unmanaged
| fillnull value="" blob_name
| eval unique_id=if(isnotnull(unique_id),unique_id,sha256('overwatch-vuln-type' . "_" . resource_id . "_" . issue . blob_name))
| chart dc(unique_id) as count over _time
| bin _time span=1d
| append
[ stats c
| eval _time=now()
| eval count=0
| bin _time span=1d
| fields _time count ]
| stats sum(count) as count by _time


bowesmana
SplunkTrust

Previous business week you can get with "snap to" on the relative_time command, so this will calculate the start and end range of week starting on Monday and ending Sunday

| eval start_week=relative_time(now(), "-w@w1"), end_week=start_week+(86400 * 7)

Note that your use of

| where _time>strptime("2021/02/01 00:00:00","%Y/%m/%d %H:%M:%S")

seems unnecessary, as you can either set that date range from your search time window or just as

earliest="02/01/2021 00:00:00"

on the search line.

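As an added example (not from either post above), one search that returns both numbers in a single row: the year-to-date distinct finding count since 2/1/2021 and the count for the previous Monday-to-Sunday week, reusing the question's index, lookup and unique_id logic together with the relative_time snap-to from the answer. The field names week_start, week_end, in_prev_week, ytd_count and prev_week_count are chosen here, not taken from the original search.

```spl
index=overwatch-summary overwatch-vuln-type="*" earliest="02/01/2021:00:00:00" latest=now
| rex field=resource_id "subscriptions/(?<subscriptionId>[0-9a-fA-F\-]+)"
| lookup subscription_managed.csv subscriptionId OUTPUT managed
| fillnull value="Unmanaged" managed
| search managed=Unmanaged
| fillnull value="" blob_name
| eval unique_id=if(isnotnull(unique_id), unique_id, sha256('overwatch-vuln-type' . "_" . resource_id . "_" . issue . blob_name))
| eval week_start=relative_time(now(), "-w@w1"), week_end=week_start + (86400 * 7)
| eval in_prev_week=if(_time >= week_start AND _time < week_end, 1, 0)
| stats dc(unique_id) as ytd_count, dc(eval(if(in_prev_week=1, unique_id, null()))) as prev_week_count, min(week_start) as week_start, min(week_end) as week_end
| eval week_start=strftime(week_start, "%Y-%m-%d"), week_end=strftime(week_end, "%Y-%m-%d")
```

The earliest value uses the default MM/DD/YYYY:HH:MM:SS time format, so the strptime where clause is not needed; week_end is exclusive, so events on the following Monday are not counted, and changing `86400 * 7` to `86400 * 5` limits the previous week to Monday through Friday.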