Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Day of Week in Columns to Match Day of Week and Return Results

CSULeigh
Explorer
‎08-21-2020 10:59 AM

In my lookup table, I have the days of the week as columns with "Y" or "N" in the field (not able to change this as this is how the data is provided). I would like to return only the results from the lookup table that matches the day of the week and the day of the week columns with "Y". 

I have been looking at using IF statements and Where clauses, but not really getting it. The data columns look like this:

MonTueWedThuFriSatSun
YNYNNNN
NYNYNYN

 

I have been extracting the day by using dayOfWeek=strftime(_time, "%a") from the imbeded search query:

| inputlookup somecsv.csv
| join email [search index=someindex | eval dayOfWeek=strftime(_time, "%a")]
| table or stats (data from inputlookup that matches the days of the week from the search)

This is where I get stuck. Any help will be greatly appreciated. 

Labels (5)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Nisha18789
Builder
‎08-21-2020 03:23 PM

Hi @CSULeigh , not sure if I understand the  ask completely, but have you tried 

 

| inputlookup somecsv.csv
| join type=outer dayOfWeek [search index=someindex | eval dayOfWeek=strftime(_time, "%a")|eval found=1]

|where isnotnull(found)

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-21-2020 12:06 PM
Is the table shown an example lookup table? If so, how are the multiple rows for each day to be interpreted?
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

CSULeigh
Explorer
‎08-21-2020 02:51 PM

Yes the table is an example. There is more data to the tables. Basically anything with a "Y" marked on the day column is when the class will be available. This lookup table has the class data and need to return the class data based on a search of survey data from an index that will have the day that needs to match the lookup data based on the day. I hope this helps.

0 Karma
Reply
Solved! Jump to solution
Solution

Nisha18789
Builder
‎08-21-2020 03:23 PM

Hi @CSULeigh , not sure if I understand the  ask completely, but have you tried 

 

| inputlookup somecsv.csv
| join type=outer dayOfWeek [search index=someindex | eval dayOfWeek=strftime(_time, "%a")|eval found=1]

|where isnotnull(found)

Reply
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...