Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to take only monday data for a month

dtccsundar
Path Finder
‎10-21-2021 03:56 AM

Hi,

My requirement is to take each week monday data alone for a month in trending chart .

This need to be showed for status field ,which will have ( pass,fail,error,deleted) values in it.The individual count of  status to be shown for each week monday for a month.

Please let me know how to do this .

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-21-2021 04:32 AM

Hi @dtccsundar,

date_wday is a default field in Splunk, if you haven't you can extract it in this way from _time:

<your_search>
| eval date_wday=strftime(_time,"%A")
| search date_wday!="Monday"

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-21-2021 04:02 AM

Hi @dtccsundar,

did you already tried to insert in your main search:

date_wday="monday"

?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

dtccsundar
Path Finder
‎10-21-2021 04:07 AM

Thank you .

Yes tried with earliest=-30d@w1 latest=-d@w1 in my search , but i couldnt get the desired o/p.

I am not seeing the field date_wday in my events , since i am using a sql view as source.How this can be achieved in this case.

 

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-21-2021 04:15 AM

Hi @dtccsundar,

please try something like this:

earliest=-30d@d latest=-d@d date_wday="monday"

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

dtccsundar
Path Finder
‎10-21-2021 04:19 AM

Thank you .

I am getting no results for this .

I have _time field in my events . Is is possible to derive each monday from that ?

Tags (1)
0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-21-2021 04:32 AM

Hi @dtccsundar,

date_wday is a default field in Splunk, if you haven't you can extract it in this way from _time:

<your_search>
| eval date_wday=strftime(_time,"%A")
| search date_wday!="Monday"

Ciao.

Giuseppe

Reply
Solved! Jump to solution

dtccsundar
Path Finder
‎10-21-2021 04:42 AM

Thank you. This worked Perfectly !!

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-21-2021 04:53 AM

Hi @dtccsundar,

good for you, see next time!

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Solved! Jump to solution

dtccsundar
Path Finder
‎10-21-2021 06:31 AM

Hi Giuseppe,

Can you please help me in the below drill down please ,

 

Need help for the below, The sourcetypes has different values in it like below,

 index=a sourcetype=b |eval details= ONE |

append [|search index=c sourcetype=d|eval details=TWO] |

append [|search index=e sourcetype=f|eval details=THREE]

|eventstats count by details| Pass%=count(pass)/total*100,2 Fail%=count(fail)/total*100,2 Error%=count(Error)/total*100,2 |table pass fail error total

I have a barchart with x-axis with details and y-axis %(pass%,fail%,error%) of ( pass fail error etc).

When i click the details(x-axis) in barchart , the trending should show number of individual Pass,fail,error based on the details values selected .

The click values should be passed to the the trending .Please let me know how it can be achieved .

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...