You said you want "the data of a week, and the data of the same week but one year earlier".
For a moment, forget about Splunk. How do you accomplish this on paper, if not by looking at the week number in the year? If I recall correctly, all years have 52 weeks. This doesn't change regardless of the year. What does change is the day of the week a year starts.
This | eval date_week_of_year = strftime(_time, "%U") takes that into consideration by giving you the number of the week starting on Sunday and considering all the other days before the 1st Sunday as week 0.
If you want your week to start on Monday, you can switch %U to %W in this expression.
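An added example, not part of the original post: a Python sketch of the %U / %W week numbering described above. It maps a date to its week number and to the calendar dates that carry the same week number one year earlier, including years with no week 0 and years that reach week 53. It assumes Python's strftime applies the same %U and %W rules as the Splunk expression; the function names are hypothetical.

```python
from datetime import date, timedelta

def week_of_year(d, first_day="sunday"):
    """Week number as %U (weeks start Sunday) or %W (weeks start Monday)."""
    return int(d.strftime("%U" if first_day == "sunday" else "%W"))

def week_bounds(year, week, first_day="sunday"):
    """First and last date in `year` with the given week number.

    Returns None when that year has no such week number.
    """
    jan1 = date(year, 1, 1)
    # date.weekday(): Monday=0 ... Sunday=6
    target = 6 if first_day == "sunday" else 0
    # Days from Jan 1 to the first Sunday/Monday, which opens week 1.
    offset = (target - jan1.weekday()) % 7
    week1_start = jan1 + timedelta(days=offset)
    if week == 0:
        # Week 0 is the partial week before the first Sunday/Monday.
        if offset == 0:
            return None  # the year opens directly on week 1
        return jan1, week1_start - timedelta(days=1)
    start = week1_start + timedelta(weeks=week - 1)
    if start.year != year:
        return None  # week number beyond the end of this year
    # The last week of a year is cut short at Dec 31.
    end = min(start + timedelta(days=6), date(year, 12, 31))
    return start, end

def same_week_previous_year(d, first_day="sunday"):
    """(week number, bounds in d's year, bounds one year earlier)."""
    week = week_of_year(d, first_day)
    return (week,
            week_bounds(d.year, week, first_day),
            week_bounds(d.year - 1, week, first_day))

if __name__ == "__main__":
    # Constructed sample dates: mid-year, a week-0 date, a week-53 date.
    for sample in (date(2024, 6, 12), date(2024, 1, 3), date(2023, 12, 31)):
        print(sample, same_week_previous_year(sample))
```

A None in the last position means the previous year has no week with that number, so a year-over-year search keyed only on the week number returns nothing for it.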