Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

issue regarding date_wday

elaine0102
Explorer
‎11-10-2012 01:12 AM

| stats count by date_wday |

Hi all, above return me Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday.

How can I make it to display : Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday ?

Tags (1)
0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎11-10-2012 09:23 PM

It would be a lot better to do:

... | timechart span=1d count by _time

or

... | bucket span=1d _time | stats count by _time
Reply

sdaniels
Splunk Employee
Splunk Employee
‎11-10-2012 04:57 AM

The first thing you'll use is time modifiers depending on when you are searching. For example earliest=@w1 would snap to Monday of the current week. Check it out because depending on when you do the search you'll want to control what days you are looking at.

http://docs.splunk.com/Documentation/Splunk/4.2.3/SearchReference/SearchTimeModifiers

There is an example in the docs specific to handling days of the week. Just a simple | sort -date_wday doesn't work since that will just sort alphabetically.

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/sort

... | eval wd=lower(Day) | eval sort_field=case(wd=="monday",1, wd=="tuesday",2, wd=="wednesday",3, wd=="thursday",4, wd=="friday",5, wd=="weekend",6) | sort sort_field | fields - sort_field
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Spotlight: The Splunk Health Assistant Add-On  The Splunk Health Assistant Add-On is your ultimate companion ...

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team on ...