Splunk Search

compare event count today vs yesterday vs last week vs prior week

john_q
Explorer

Hi,

i want to compare event count today with yesterday,last week and prior week using timewarp complete day like day starting to till now

Tags (1)
0 Karma

jkat54
SplunkTrust
SplunkTrust

Will these work?

... | bin span=1d _time | stats count by _time

And same search but 1w instead of 1d (for weeks instead of days)

0 Karma

john_q
Explorer

hi @jkat54 thnaks for your answer but I want to compare the today event count with yesterday , last and prior week event counts like in the form of line chart like 4 legends.

0 Karma

jkat54
SplunkTrust
SplunkTrust

Yeah, so you do the search above and select the weeks/days you want to chart with your time picker.

0 Karma

john_q
Explorer

can you provide a sample full search for this??

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...