Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

age group report from birth year data

dhavamanis
Builder
‎04-16-2014 01:31 PM

I have a raw data and its contains the user birth Year, city and registered date, how to calculate the age group report based on city and (year quarterly / monthly / daily) .

Data dump like :

userID    Birth_year    city       country   registered_date

1           1983         New York    US       04/04/2012

2           1977         Los Angelos US       01/02/1998

Sample Results :

Age    City       Count

2012-Q1 :

7-14  Los Angelos  25

15-21 Los Angelos  12

2012-Q2 :

22-33 Los Angelos  1050

7-14  New York  2050

15-21 New York  301

22-33 New York  101
Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

linu1988
Champion
‎04-16-2014 02:00 PM

The formatting is not really possible in splunk. And i am assuming all the fields are already extracted and accessible by field name. Let's try the below

source=...|eval Qtr=strftime(strptime(registered_date,"%m/%d/%Y"),"%m")|eval Qtr=floor(Qtr%3)+1|eval Qtr="Q".Qtr|eval Year=strftime(strptime(registered_date,"%m/%d/%Y"),"%Y")|eval tage=Year-Birth_year|eval Age_Group=case(tage>6 AND tage<15,"7-14",tage>14 AND tage<22,"15-21",tage>21 AND tage<34,"22-33")|eval YQtr=Year."-".Qtr|stats count as "No of People" by Age_Group,City,YQtr

Thanks

View solution in original post

Reply
Solved! Jump to solution
Solution

linu1988
Champion
‎04-16-2014 02:00 PM

The formatting is not really possible in splunk. And i am assuming all the fields are already extracted and accessible by field name. Let's try the below

source=...|eval Qtr=strftime(strptime(registered_date,"%m/%d/%Y"),"%m")|eval Qtr=floor(Qtr%3)+1|eval Qtr="Q".Qtr|eval Year=strftime(strptime(registered_date,"%m/%d/%Y"),"%Y")|eval tage=Year-Birth_year|eval Age_Group=case(tage>6 AND tage<15,"7-14",tage>14 AND tage<22,"15-21",tage>21 AND tage<34,"22-33")|eval YQtr=Year."-".Qtr|stats count as "No of People" by Age_Group,City,YQtr

Thanks

Reply
Solved! Jump to solution

linu1988
Champion
‎04-16-2014 09:43 PM

it needs the tick mark if it solved the problem 🙂

0 Karma
Reply
Solved! Jump to solution

dhavamanis
Builder
‎04-16-2014 05:53 PM

it works, Thank you!.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...