Splunk Search
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Timechart last month to prior month comparison with trend

timm747747
Path Finder
‎03-15-2018 06:28 AM

Hi, I am trying to compare the number of events from last month to the prior month. So January and February and display the trend line using timechart. I am trying this search:

eventtype=incident type=Email earliest=-2mon (classification=Malicious OR classification="Malware") | timechart span=1month count

The problem is that it is displaying this month (March) compared to last month and not last month to February.

Any help would be greatly appreciated!!

T

Reply

skoelpin
SplunkTrust
SplunkTrust
‎03-15-2018 07:52 AM

Try this 

eventtype=incident type=Email earliest=-2mon (classification=Malicious OR classification="Malware") earliest=-2month@month latest=-1month@month
| timechart span=1month count
| timewrap 1month
0 Karma
Reply

logloganathan
Motivator
‎03-15-2018 06:49 AM

you can select the time range from January 1st to February 28th in splunk

eventtype=incident type=Email classification=Malicious OR classification="Malware" | timechart span=1m count

Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top