Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Week details to be dispalyed in a filter ex: week1(1st-7th apr) , week2 (8th -14th Apr)

rijinc
Explorer
‎05-16-2019 06:32 AM

Hi All,

I have a reported date time field which i am converting and displaying as a month filter - which contains values as Jan -2019 , Feb -2019
ex : Reported date time field = 05/05/2019 16:29 (%d/%m/%Y %H:%M)

Is it possible to show week filter which will be depended on Month filter.

For ex : if I select month (Apr -19) from the filter, the week filter should display something like week 1 , week2, week3 for the month of APr 19

let me know if this is possible ? Hope to get a response as i tried all possibilities which i know....Need help

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nabeel652
Builder
‎05-16-2019 10:05 PM

Hope this will help:

"your query that includes _time field"   | eval weeknumber=strftime(_time,"%V") | eval day = strftime(_time,"%d-%b-%y") | eval dt = strftime(strptime(strftime(_time,"01-%m-%Y"),"%d-%m-%Y"),"%V") | eval weeknumber = if(strftime(_time,"%m") == "12" AND weeknumber = "01","53",weeknumber) | eval weeknumber = "Week - ".(weeknumber-dt+1)

%v will give you Mon-Sun week and %u will give you Sun-Sat week - whatever you need. I've left extra fields in for explanation sake. You can filter them out.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

nabeel652
Builder
‎05-16-2019 10:05 PM

Hope this will help:

"your query that includes _time field"   | eval weeknumber=strftime(_time,"%V") | eval day = strftime(_time,"%d-%b-%y") | eval dt = strftime(strptime(strftime(_time,"01-%m-%Y"),"%d-%m-%Y"),"%V") | eval weeknumber = if(strftime(_time,"%m") == "12" AND weeknumber = "01","53",weeknumber) | eval weeknumber = "Week - ".(weeknumber-dt+1)

%v will give you Mon-Sun week and %u will give you Sun-Sat week - whatever you need. I've left extra fields in for explanation sake. You can filter them out.

0 Karma
Reply
Get Updates on the Splunk Community!

The All New Performance Insights for Splunk

Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...