Solved: Month to date for previous month with current mont...

prakashmca05 · ‎06-01-2020

Hi,

I have to extract the sum of particular search output from my query and the same needs to be compared with previous month to date.
For example, consider today is June 15th, and i have the sum as 150000 for last 15 days, and now i would like to get the same sum for previous month, ie., till May 1-15th using the same query. Could someone suggest on this.

I have tried the eval epoch30days_ago=relative_time(now(), "-28d@d" ), but this is not giving the accurate data.

Thanks

wmyersas · ‎06-01-2020

Per https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/SearchTimeModifiers, try something like this:

index=ndx sourcetype=srctp earliest=-1mon@mon latest=-30d@d

View solution in original post

wmyersas · ‎06-01-2020

Per https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/SearchTimeModifiers, try something like this:

index=ndx sourcetype=srctp earliest=-1mon@mon latest=-30d@d

prakashmca05 · ‎06-04-2020

It works with slight modification as below.

-1mon@mon
-30d@day

wmyersas · ‎06-04-2020

you're right! put the @ in the wrong spot 🙂

Month to date for previous month with current month date

other

Modern way of developing distributed application using OTel

Enterprise Security Content Update (ESCU) | New Releases

Archived Metrics Now Available for APAC and EMEA realms