I have a table like below.
When I use the query below, I don't see the dates in sorted order in my graph. Could you please help me get the graph in sorted order by date?
source=abcd.csv|fields Date,count|stats by Date,count
The output is like below, which is not what I want.
The problem here is that Splunk is not aware that your Date field represents a time value; for Splunk it is a simple numeric value and therefore it sorts the value based on the first digits before the first /. You need to tell Splunk that this is a time based field, sort it and revert it back to your human readable date value like this:
... | fields Date,count | stats by Date,count | eval Date=strptime(Date, "%d/%m/%Y") | sort Date | eval Date=strftime(Date, "%d/%m/%Y")
Hope this helps ...
With the above query, is it possible to get the total count by week and month?
I want the count for the week ending 22/Mar as 30 and the week ending 29/Mar as 20. Likewise, I need the monthly count for February/March, etc.
source=abcd.csv | fields Date,count | eval _time=strptime(Date,"%d/%m/%Y") | stats count by _time,count
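The sorting behaviour and the weekly/monthly totals discussed in this thread, modelled in Python as an added example (not code from any poster, and not SPL). The sample rows, the year 2015 and the Monday-to-Sunday week are constructed assumptions chosen so that the weeks ending 22/03 and 29/03 total 30 and 20.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%d/%m/%Y"  # same format string the thread passes to strptime/strftime

# Constructed sample rows (Date, count); not data from the original post.
ROWS = [
    ("25/03/2015", 15), ("08/02/2015", 5), ("22/03/2015", 8), ("01/03/2015", 4),
    ("16/03/2015", 10), ("29/03/2015", 5), ("15/02/2015", 7), ("20/03/2015", 12),
]

def lexical_sort(rows):
    """Sort on the raw text: the day-of-month digits are compared first."""
    return sorted(rows, key=lambda row: row[0])

def chronological_sort(rows):
    """Parse to a time value, sort on it, keep the readable text for display."""
    return sorted(rows, key=lambda row: datetime.strptime(row[0], FMT))

def week_ending(day):
    """Sunday that closes the week containing `day` (assumed Mon-Sun week)."""
    return day + timedelta(days=6 - day.weekday())  # weekday(): Mon=0 .. Sun=6

def month_start(day):
    return day.replace(day=1)

def totals(rows, bucket, label_fmt):
    """Sum `count` per time bucket and return the buckets in time order."""
    sums = defaultdict(int)
    for date_text, count in rows:
        sums[bucket(datetime.strptime(date_text, FMT))] += count
    return [(key.strftime(label_fmt), total) for key, total in sorted(sums.items())]

def weekly_totals(rows):
    return totals(rows, week_ending, FMT)

def monthly_totals(rows):
    return totals(rows, month_start, "%m/%Y")

if __name__ == "__main__":
    print("lexical      :", [d for d, _ in lexical_sort(ROWS)])
    print("chronological:", [d for d, _ in chronological_sort(ROWS)])
    print("per week     :", weekly_totals(ROWS))
    print("per month    :", monthly_totals(ROWS))
```

Bucketing has to happen on the parsed time value, before it is formatted back to text; grouping on the formatted string would bring back the lexical order.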