×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
jhackle13
New Member
Member since: ‎03-09-2021
‎03-10-2021
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-09-2021
Activity Feed
View All

Search that combines last 7 days and year-to-date

by in Splunk Search
‎03-09-2021 02:58 PM
‎03-09-2021 02:58 PM
My current search below pulls findings for current day and year-to-date starting 2/1/2021.  I need help with a way to pull for the previous business week and year-to-date starting 2/1/2021.  What adjustments can i make to the search below that will pull that? index=overwatch-summary overwatch-vuln-type="*" | where _time>strptime("2021/02/01 00:00:00","%Y/%m/%d %H:%M:%S") | eval _time=if(_time < now()-86400, now()-86400, now()) | rex field=resource_id "subscriptions/(?<subscriptionId>[0-9a-fA-F\-]+)" | lookup subscription_managed.csv subscriptionId OUTPUT managed | fillnull value="Unmanaged" managed | search managed=Unmanaged | fillnull value="" blob_name | eval unique_id=if(isnotnull(unique_id),unique_id,sha256('overwatch-vuln-type' . "_" . resource_id . "_" . issue . blob_name))| chart dc(unique_id) as count over _time| bin _time span=1d | append [ stats c | eval _time=now() | eval count=0 | bin _time span=1d | fields _time count ] | stats sum(count) as count by _time ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-10-2021 12:10 AM