- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to get Date Range per month?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I need to get the no. of days per month in my data. But in my data there is 2 fields for Date which is Start Date and End Date.
Ex. Start Date: October 15, 2017
End Date: February 10, 2018
I need to get the no. of days per months in above example.
I tried to used the mvrange to get the range between the 2 fields and mvcount to get the no. of days but the result I'm getting total range of the data starting october to february.
Is there a way I can get it?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this run anywhere search:
|makeresults|eval Start Date="October 15, 2017", End Date="February 10, 2018"|eval Start Date=strptime('Start Date',"%B %d, %Y"),End Date=strptime('End Date',"%B %d, %Y")| eval days=round(('End Date'-'Start Date')/86400)
strptime('Start Date',"%B %d, %Y") should give you seconds since Jan 1st 1970.
Hope this helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a report that runs every day and is doing calculations based on the number of days that have occurred so far. After pulling my hair out and using a variety of techniques posted in these forums, I ended up with:
| eventstats dc(date_mday) AS daysInMonth
Unless i'm mistaken, the date_* fields are automatically generated in splunk (at least all the data i've seen has them) and this was the easiest and most reliable method I found.
It looks like if I use the same logic to span across months, I would simply do
| eventstats dc(date_mday) AS daysInMonth BY date_month
Which when my table spans a couple of months, gives me the count of days for the specific month associated with the _time field and other data for that month.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this run anywhere search:
|makeresults|eval Start Date="October 15, 2017", End Date="February 10, 2018"|eval Start Date=strptime('Start Date',"%B %d, %Y"),End Date=strptime('End Date',"%B %d, %Y")| eval days=round(('End Date'-'Start Date')/86400)
strptime('Start Date',"%B %d, %Y") should give you seconds since Jan 1st 1970.
Hope this helps!
Observability | Use Synthetic Monitoring for Website Metadata Verification
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
.conf24 | Personalize your .conf experience with Learning Paths!
