Also, Splunk provides default datetime fields to aid in time-based grouping/searching. These fields are available on any event:
date_second
date_minute
date_hour
date_mday (the day of the month)
date_wday (the day of the week)
date_month
date_year
To group events by day of the week, let's say for Monday, use date_wday=monday. If grouping by day of the week in a chart, try:
... | timechart span=1d count by date_wday
More details and examples are available here: http://docs.splunk.com/Documentation/Splunk/5.0/Knowledge/Usedefaultfields#Default_datetime_fields
Happy dating! 😉
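As an added illustration (not part of the original answer or of Splunk's own code), the Python below models how the date_* fields are derived from the timestamp text inside a raw event and reproduces the two searches above on a few constructed log lines. Two practical points it encodes: Splunk fills these fields from the timestamp as written in the event, without converting it to the searching user's time zone, so date_hour or date_wday can disagree with what _time shows; and an event whose timestamp was not extracted from its own text gets no date_* fields at all, so a date_wday filter silently drops it. The sample events, the regex and the function names are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample events for this example (not from the original post).
# The timestamp is part of the raw event text, as in a syslog-style source.
SAMPLE_EVENTS = [
    "2024-03-04 08:15:02 host=web1 action=login user=alice",
    "2024-03-04 23:59:59 host=web2 action=login user=bob",
    "2024-03-05 00:00:01 host=web1 action=logout user=alice",
    "2024-03-06 12:30:00 host=web3 action=login user=carol",
    "2024-03-11 09:00:00 host=web1 action=login user=dave",
]

# Assumed timestamp layout at the start of each event.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")


def extract_date_fields(raw):
    """Return the date_* fields Splunk would populate for one raw event.

    The values come straight from the timestamp text in the event, with no
    time-zone conversion, which mirrors Splunk's behaviour. Returns None when
    no timestamp is found in the text, mirroring an event that received its
    _time some other way and therefore carries no date_* fields.
    """
    m = TS_RE.match(raw)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return {
        "date_second": ts.second,
        "date_minute": ts.minute,
        "date_hour": ts.hour,
        "date_mday": ts.day,                       # day of the month
        "date_wday": ts.strftime("%A").lower(),    # Splunk uses lowercase names
        "date_month": ts.strftime("%B").lower(),
        "date_year": ts.year,
        "_time": ts,
    }


def search(events, **field_filters):
    """Equivalent of `... date_wday=monday` (AND of field=value terms).

    Events without date_* fields never match, just as in Splunk.
    """
    matches = []
    for raw in events:
        fields = extract_date_fields(raw)
        if fields is None:
            continue
        if all(fields.get(k) == v for k, v in field_filters.items()):
            matches.append(fields)
    return matches


def timechart_by_wday(events):
    """Equivalent of `... | timechart span=1d count by date_wday`.

    Returns {"YYYY-MM-DD": {wday: count}}. Here the day bucket and date_wday
    come from the same parsed timestamp; in Splunk the bucket is computed from
    epoch _time while date_wday comes from the raw text, so the two can fall
    on different days near midnight when time zones differ.
    """
    buckets = defaultdict(Counter)
    for raw in events:
        fields = extract_date_fields(raw)
        if fields is None:
            continue
        day = fields["_time"].strftime("%Y-%m-%d")
        buckets[day][fields["date_wday"]] += 1
    return {day: dict(counts) for day, counts in sorted(buckets.items())}


if __name__ == "__main__":
    for f in search(SAMPLE_EVENTS, date_wday="monday"):
        print(f["_time"], f["date_wday"], f["date_hour"])
    print(timechart_by_wday(SAMPLE_EVENTS))
```

Running it lists the three Monday events and a per-day table whose only non-zero column for each day is that day's weekday, which is exactly what the timechart above produces when the raw timestamps and the bucket boundaries agree on the date.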