Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

COnvert week number to the 1st date in that week

nikita012
New Member
‎04-04-2019 02:17 AM

Below is the data. Weeknum is the number of week where 01-05 are week numbers from 2019 and 40-44 are week numbers from 2018. I want to generate a chart for the same data with x-axis as the first date of each week number. Ex- 40 should be Oct 1, 2018 and 01 should be 30/12/2018. How do I do it?

week Total
01 3
02 2
03 1
04 1
05 3
40 4
41 9
42 4
43 5
44 10

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎04-04-2019 07:19 AM

@nikita012 please try one of my older answers https://answers.splunk.com/answers/637244/time-range-to-display-count-of-weekly.html

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma
Reply
Solved! Jump to solution

nikita012
New Member
‎04-08-2019 12:14 AM

alt text

Following is the code:-

| eval Dates=strptime(Date, "%m/%d/%Y")
| sort Dates
| eval Dates=strftime(Dates, "%d/%m/%Y")
| eval weeknum=strftime(relative_time(strptime(Dates,"%d/%m/%Y"),"@w2"),"%Y/%V")
| stats min(_time) as MinTime by weeknum
| eval MinTime=strftime(MinTime,"%m/%d/%Y")
| eval WeekStartDate=strftime(relative_time(strptime(MinTime,"%m/%d/%Y"),"-0w@w"),"%m/%d/%Y")

This code is not giving the start date of each weeknum. 2018/39 should be 01/10/2018. It's taking the start date of the current week. How should I reslove it?

Preview file
1 KB
0 Karma
Reply
Solved! Jump to solution
Solution

niketn
Legend
‎04-04-2019 07:19 AM

@nikita012 please try one of my older answers https://answers.splunk.com/answers/637244/time-range-to-display-count-of-weekly.html

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

nikita012
New Member
‎04-05-2019 02:46 AM

alt text

I applied the code and got year no./week no. on x-axis. Ex- 2018/39 where 2018 is the year no. and 39 is the week no. How can I get the first date of that week on x-axis. Can you please provide the code for it. Ex- 2019/01 should be 01/01/2019.

Preview file
1 KB
0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎04-05-2019 06:11 AM

@nikita012 I am not sure how the post does not help with your current query?
Following is a run anywhere example which converts your time format data %Y/%U to %m/%d/%Y

index=_internal sourcetype=splunkd log_level!=ERROR component=Exec* 
| eval WeekOfYear=strftime(_time,"%Y/%U") 
| stats count as Errors min(_time) as MinTime by WeekOfYear 
| eval MinTime=strftime(MinTime,"%m/%d/%Y") 
| eval WeekStartDate=strftime(relative_time(strptime(MinTime,"%m/%d/%Y"),"-0w@w"),"%m/%d/%Y")
| table WeekStartDate Errors
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...