Re: on day-2 of every year which will generate a C...

dmacgillivray · ‎04-06-2015

Hello Splunk,

I am Trying to write an eval statement that would allow a development team push data to a csv that contains
the number of days in each month excluding weekends. I am hoping to do this without using unix scripting and
purely with Splunk SPL

Just want to do schedule this to go to a csv perhaps as many as ten years in advance? Does anyone know
of an easy eval statement that would go to a lookup?

Thanks,
Daniel MacGillivray

dmacgillivray · ‎04-09-2015

Thanks Vganjare. That is superb ! Who knew. Splunk can cover every possibility. It is like someone invented ANSI sql all over again !!

vganjare · ‎04-09-2015

Hi,

You can use *gentimes * command. Following is sample search query:

|gentimes start=-40 end=+100|fields starttime|eval date=strftime(starttime,"%m-%d-%Y")|eval day=strftime(starttime,"%A")|eval mon=strftime(starttime,"%m")|eval month=strftime(starttime,"%b")|eval year=strftime(starttime,"%Y")|fields date,day,month,mon,year | eval holiday=if(day=="Sunday" or day=="Saturday", "Yes", "No") | where holiday="No" | stats count by mon,year

Change the gentimes start and end as per your need.

Thanks!!

on day-2 of every year which will generate a CSV having the number of days in each month excluding weekends.

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...