Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Need to extract Workweek from date

shivareddysompa
Explorer
‎06-09-2020 10:00 PM

I have a date like 2020-06-08 06:39:49.0

I need to extract workweek from it.

Thanks in advance.

Labels (1)
Labels
0 Karma
Reply

to4kawa
Ultra Champion
‎06-10-2020 12:38 AM 
| makeresults 
| eval _raw="2020-06-08 06:39:49.0"
| eval time=strptime(_raw,"%F %T.%Q")
| eval weekday=strftime(time,"%w") ,day=strftime(time,"%d") ,month_first=strftime(relative_time(time,"@month"),"%w")
| eval weeks=if(month_first <= weekday,floor(day / 7) + 1,floor(day / 7))

I made this query because I thought it was the second week of the month.

What is workweek?

0 Karma
Reply

bmunson_splunk
Splunk Employee
Splunk Employee
‎06-10-2020 12:52 AM

I define WorkWeek as the week number in the year, so week 1 is the first week  in Jan and 52  is the last full week in Dec.

0 Karma
Reply

bmunson_splunk
Splunk Employee
Splunk Employee
‎06-10-2020 12:20 AM

You can use strftime to create the field.

 

| makeresults | eval WorkWeek = strftime(_time,"%U")
0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...