Solved: time span = week

gowtham08091 · ‎07-20-2020

Hello, I am trying to span for 1 week and 1 month chart from the summary index search, but When in use | bin span=1w, instead of showing the last or latest data of week it is summing the weeks total. I am looking for trend chart, where to display first or last data of a week or month.

i used same bin command earlier and but this time one difference is i a, using stats.

I use the query in the following format

gowtham08091 · ‎07-20-2020

@anilchaithu

I am looking for a trend report like weekly and monthly trend, like. Weekly trend should how the result from last data of a week and monthly trend to show the data from last day of a month. (not the cumulative sum of week and month)

View solution in original post

anilchaithu · ‎07-20-2020

@gowtham08091

Its the bin functionality to sum the field values for the given span.

what do you mean by "to display first or last data of a week or month"? Do you want to show only a single data point?

gowtham08091 · ‎07-20-2020

@anilchaithu

I am looking for a trend report like weekly and monthly trend, like. Weekly trend should how the result from last data of a week and monthly trend to show the data from last day of a month. (not the cumulative sum of week and month)

gowtham08091 · ‎07-24-2020

Thanks for the feedback, with your comment i found that i am missing the _time in my search and i get the expected results when I add _time in dedup

Thanks

time span = week

stats

timechart

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation