Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can we exclude weekends from the count of the number of days for the age of a ticket?

splunker9999
Path Finder
‎06-27-2016 02:20 PM

Hi ,

We have a field called AGING which tells how many days a ticket exists.

In order to get the accurate age, we want to subtract weekends from the AGING field.

For example: If aging has value of 30 days, we need to exclude all Saturdays and Sundays from these 30 days and need to output the results.

Can you please help?

Thanks.

0 Karma
Reply

sundareshr
Legend
‎06-27-2016 02:49 PM

Try this

... | eval end=_time | eval start=end-(aging*86400)| eval range=mvrange(start, end, 86400) | convert ctime(range) timeformat="%+" | eval BusinessDays=mvcount(mvfilter(NOT match(range,"(Sun|Sat).*")))
Reply

woodcock
Esteemed Legend
‎06-28-2016 07:36 AM

Brilliant; I learned mvrange today!

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...