- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Excels' Networkdays equivalent in Splunk
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there an equivalent or something like Networkdays from excel in Splunk??
I want to calculate the duration between two dates and exclude from the calculation all the weekends and holidays.
Ex. Startdate = Dec. 30, 2013, Enddate = Jan. 4, 2014
I want to get the duration between above dates. Note that Jan. 1, is holiday and assuming that Jan, 2, 3 would be weekends.
Please Help..
Thanks,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this,
search:
| gentimes start=-1 | eval CreateDateEpoch="1412136000" | table CreateDateEpoch | eval start=relative_time(CreateDateEpoch,"@d") | eval end=relative_time(now(),"@d") | eval Date=mvrange(start,end+86400,86400) | convert ctime(Date) timeformat="%+" | eval NoOfBusinessDays=mvcount(mvfilter(NOT match(Date,"(Sun|Sat).*")))
Source: https://answers.splunk.com/answers/186662/i-am-try-to-to-find-the-number-of-business-days-be.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this,
search:
| gentimes start=-1 | eval CreateDateEpoch="1412136000" | table CreateDateEpoch | eval start=relative_time(CreateDateEpoch,"@d") | eval end=relative_time(now(),"@d") | eval Date=mvrange(start,end+86400,86400) | convert ctime(Date) timeformat="%+" | eval NoOfBusinessDays=mvcount(mvfilter(NOT match(Date,"(Sun|Sat).*")))
Source: https://answers.splunk.com/answers/186662/i-am-try-to-to-find-the-number-of-business-days-be.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks vasanthmss, I'll give this a try.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi vasanthmss,
The Weekends work for me, but how about holidays?? Do you any idea?
Thanks,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
Maybe you coudl create a lookup with all the holidays, and the in the query filterout those days.
Regards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi gfuerte,
I am able to create a lookup with all the holidays, but I am not able to filter using the lookup output fields. The "match" expression uses a regex.
For example, I have a new fields from lookup called "Holiday_list". Your idea was something like below??(correct me if I'm wrong)
mvfilter(not match(Date, Holiday_list)), wherein the "Date" will be filtered based on the contents of the "Holiday_list" fields.
Thanks
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
