Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Week details to be dispalyed in a filter ex: week1(1st-7th apr) , week2 (8th -14th Apr)

rijinc
Explorer
‎05-16-2019 06:32 AM

Hi All,

I have a reported date time field which i am converting and displaying as a month filter - which contains values as Jan -2019 , Feb -2019
ex : Reported date time field = 05/05/2019 16:29 (%d/%m/%Y %H:%M)

Is it possible to show week filter which will be depended on Month filter.

For ex : if I select month (Apr -19) from the filter, the week filter should display something like week 1 , week2, week3 for the month of APr 19

let me know if this is possible ? Hope to get a response as i tried all possibilities which i know....Need help

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nabeel652
Builder
‎05-16-2019 10:05 PM

Hope this will help:

"your query that includes _time field"   | eval weeknumber=strftime(_time,"%V") | eval day = strftime(_time,"%d-%b-%y") | eval dt = strftime(strptime(strftime(_time,"01-%m-%Y"),"%d-%m-%Y"),"%V") | eval weeknumber = if(strftime(_time,"%m") == "12" AND weeknumber = "01","53",weeknumber) | eval weeknumber = "Week - ".(weeknumber-dt+1)

%v will give you Mon-Sun week and %u will give you Sun-Sat week - whatever you need. I've left extra fields in for explanation sake. You can filter them out.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

nabeel652
Builder
‎05-16-2019 10:05 PM

Hope this will help:

"your query that includes _time field"   | eval weeknumber=strftime(_time,"%V") | eval day = strftime(_time,"%d-%b-%y") | eval dt = strftime(strptime(strftime(_time,"01-%m-%Y"),"%d-%m-%Y"),"%V") | eval weeknumber = if(strftime(_time,"%m") == "12" AND weeknumber = "01","53",weeknumber) | eval weeknumber = "Week - ".(weeknumber-dt+1)

%v will give you Mon-Sun week and %u will give you Sun-Sat week - whatever you need. I've left extra fields in for explanation sake. You can filter them out.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...