Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to search data created before last 14 Business days?

wangzhaoyu
New Member
‎01-16-2019 01:43 AM

I have a set of data with "submit date" like "2019-Jan-16 17:42:00". How can I get data submitted before 14 Business days? Thanks!

Tags (2)
0 Karma
Reply

mayurr98
Super Champion
‎01-16-2019 02:28 AM

Hi Try this simple query

index=your_index latest=-14d@d earliest=0 NOT (date_wday=saturday OR date_wday=sunday)

let me know if this helps!

0 Karma
Reply

dkeck
Influencer
‎01-16-2019 01:58 AM

HI,

do you want all data older than 14 days , or the data that came in on the 14th day before today?

0 Karma
Reply

wangzhaoyu
New Member
‎01-16-2019 02:01 AM

Hi,

I want the number of all data older than 14 Business days. thanks!

0 Karma
Reply

dkeck
Influencer
‎01-16-2019 02:06 AM

try index=your_index latest=-14d@d earliest=0 | stats count

for a simple count

0 Karma
Reply

wangzhaoyu
New Member
‎01-16-2019 02:11 AM

Does "latest=-14d@d" mean last Business days? or last natural days? thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Security Highlights: September 2022 Newsletter

 September 2022 The Splunk App for Fraud Analytics (SFA) is now Splunk SupportedUse your existing Splunk ...

Platform Highlights | September 2022 Newsletter

 September 2022 What’s New in 9.0 and How to UpgradeGet a walk through of what is new Splunk Enterprise 9.0 ...

Observability Highlights | September 2022 Newsletter

 September 2022 Splunk Observability SuiteAccess to "Classic" SignalFx Interface Will be Removed on Sept 30, ...