Solved: Week details to be dispalyed in a filter ex: week1...

rijinc · ‎05-16-2019

Hi All,

I have a reported date time field which i am converting and displaying as a month filter - which contains values as Jan -2019 , Feb -2019
ex : Reported date time field = 05/05/2019 16:29 (%d/%m/%Y %H:%M)

Is it possible to show week filter which will be depended on Month filter.

For ex : if I select month (Apr -19) from the filter, the week filter should display something like week 1 , week2, week3 for the month of APr 19

let me know if this is possible ? Hope to get a response as i tried all possibilities which i know....Need help

nabeel652 · ‎05-16-2019

Hope this will help:

"your query that includes _time field"   | eval weeknumber=strftime(_time,"%V") | eval day = strftime(_time,"%d-%b-%y") | eval dt = strftime(strptime(strftime(_time,"01-%m-%Y"),"%d-%m-%Y"),"%V") | eval weeknumber = if(strftime(_time,"%m") == "12" AND weeknumber = "01","53",weeknumber) | eval weeknumber = "Week - ".(weeknumber-dt+1)

%v will give you Mon-Sun week and %u will give you Sun-Sat week - whatever you need. I've left extra fields in for explanation sake. You can filter them out.

View solution in original post

nabeel652 · ‎05-16-2019

Hope this will help:

"your query that includes _time field"   | eval weeknumber=strftime(_time,"%V") | eval day = strftime(_time,"%d-%b-%y") | eval dt = strftime(strptime(strftime(_time,"01-%m-%Y"),"%d-%m-%Y"),"%V") | eval weeknumber = if(strftime(_time,"%m") == "12" AND weeknumber = "01","53",weeknumber) | eval weeknumber = "Week - ".(weeknumber-dt+1)

%v will give you Mon-Sun week and %u will give you Sun-Sat week - whatever you need. I've left extra fields in for explanation sake. You can filter them out.

Week details to be dispalyed in a filter ex: week1(1st-7th apr) , week2 (8th -14th Apr)

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform

Customer Experience | Join the Customer Advisory Board!