Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is timewrap an official SPL command in Splunk 6.5?

rjthibod
Champion
‎10-26-2016 03:53 AM

I noticed that timewrap came up as suggested SPL command in a Splunk 6.5 search box (see attachment). The command does seem to work. I do not have the timewrap app installed on this system.

Is timewrap officially part of the SPL lexicon in 6.5? If so, are people going to encounter significant problems if they have the timewrap installed on a Splunk 6.5 system?

alt text

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎10-26-2016 05:23 AM

Updated:

Yes, the timewrap command was added in 6.5. Documentation is here - http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/Timewrap

View solution in original post

Reply
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎10-26-2016 05:23 AM

Updated:

Yes, the timewrap command was added in 6.5. Documentation is here - http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/Timewrap

Reply
Solved! Jump to solution

skoelpin
SplunkTrust
SplunkTrust
‎10-26-2016 06:12 AM

Finally!!

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎10-26-2016 03:58 AM

It's an app that has been around for a while.

The following says Timewrap

-- This small app gives you a new, convenient search command called "timewrap" that does it all, for arbitrary time periods. Compare week-over-week, day-over-day, month-over-month, quarter-over-quarter, year-over-year, or any multiple (e.g. two week periods over two week periods).

-- Just add "| timewrap w" after a 'timechart' command, and compare week-over-week. Or use 'h' (hour), 'w' (week), 'm' (month), 'q' (quarter), 'y' (year).

0 Karma
Reply
Solved! Jump to solution

rjthibod
Champion
‎10-26-2016 04:01 AM

I downvoted this post because i am sorry, but you must have missed the part of my post that says i do not have the app installed and this suggestions still comes up. this is a clean 6.5 test box.

Reply
Solved! Jump to solution

cmerriman
Super Champion
‎10-26-2016 05:07 AM

Timewrap doesn't have a doc page in the Splunk Docs, so it's likely that you'll need the app in order to use the command. If the app is installed correctly, I don't think people will see problems with the command.

0 Karma
Reply
Solved! Jump to solution

rjthibod
Champion
‎10-26-2016 05:09 AM

I am sorry @cmerriman, but I do not have the app.

It looks like it is part of 6.5. Response from official Splunk is forthcoming.

You can find info for timewrap in searchbnf.conf in the Splunk 6.5 files.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...