Solved: time span = week

gowtham08091 · ‎07-20-2020

Hello, I am trying to span for 1 week and 1 month chart from the summary index search, but When in use | bin span=1w, instead of showing the last or latest data of week it is summing the weeks total. I am looking for trend chart, where to display first or last data of a week or month.

i used same bin command earlier and but this time one difference is i a, using stats.

I use the query in the following format

gowtham08091 · ‎07-20-2020

@anilchaithu

I am looking for a trend report like weekly and monthly trend, like. Weekly trend should how the result from last data of a week and monthly trend to show the data from last day of a month. (not the cumulative sum of week and month)

View solution in original post

anilchaithu · ‎07-20-2020

@gowtham08091

Its the bin functionality to sum the field values for the given span.

what do you mean by "to display first or last data of a week or month"? Do you want to show only a single data point?

gowtham08091 · ‎07-20-2020

@anilchaithu

I am looking for a trend report like weekly and monthly trend, like. Weekly trend should how the result from last data of a week and monthly trend to show the data from last day of a month. (not the cumulative sum of week and month)

gowtham08091 · ‎07-24-2020

Thanks for the feedback, with your comment i found that i am missing the _time in my search and i get the expected results when I add _time in dedup

Thanks

time span = week

stats

timechart

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Are you a member of the Splunk Community?