Timewrap Command

  • The timewrap command is used to compare data over a specific time period, such as day-over-day or month-over-month.
  • It is also used to compare multiple time periods, such as one two-week period against another two-week period.
  • Splunk command: | timechart count span=1d | timewrap 1week
  • The timewrap command is a reporting command.
  • You must use the timechart command in the search before you use the timewrap command.
Basic example:
  • Display a timechart that compares each day with the same day of the previous week

| tstats count where index=asa groupby index,_time span=1d
| timechart span=1d avg(count) as eventcount
| timewrap 1w
| eval difference=eventcount_1week_before - eventcount_latest_week
| eval Date_before_1w=_time - 604800
| eval Day=strftime(_time,"%A")
| table Day _time eventcount_latest_week Date_before_1w eventcount_1week_before difference
| rename _time as Latest_Date
| convert timeformat="%Y-%m-%d" ctime(*Date*)

In the above example, we have an index "asa" that receives a lot of data. We compare that data week over week using the timewrap command: the result shows the trend for the latest week next to the week before it, along with the difference between the two for each day.
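
To make the reshaping in the query above concrete, here is an added Python example (not from the original post, and not Splunk's implementation) that folds 14 daily counts into the same week-over-week rows and then flags days that deviate from the prior week. The function names, the sample counts and the 50% threshold are assumptions made for illustration.

```python
from datetime import date, timedelta

def timewrap_1w(daily, latest_end):
    """Fold a daily series into rows shaped like the table in the SPL above.

    daily: dict of date -> event count (missing days count as 0).
    latest_end: last day (inclusive) of the latest week.
    """
    rows = []
    for offset in range(6, -1, -1):
        day = latest_end - timedelta(days=offset)
        before = day - timedelta(days=7)  # same shift as _time - 604800
        latest = daily.get(day, 0)
        previous = daily.get(before, 0)
        rows.append({
            "Day": day.strftime("%A"),
            "Latest_Date": day.isoformat(),
            "eventcount_latest_week": latest,
            "Date_before_1w": before.isoformat(),
            "eventcount_1week_before": previous,
            "difference": previous - latest,  # same sign convention as the SPL
        })
    return rows

def flag_deviations(rows, threshold=0.5):
    """Rows whose count moved more than `threshold` (assumed 50%) vs the prior week."""
    flagged = []
    for row in rows:
        previous = row["eventcount_1week_before"]
        if previous == 0:
            # No baseline for that weekday: flag only if events now appear.
            if row["eventcount_latest_week"] > 0:
                flagged.append(row)
        elif abs(row["difference"]) / previous > threshold:
            flagged.append(row)
    return flagged

# Constructed sample data: 14 days of daily event counts starting on a Monday.
START = date(2019, 1, 7)
COUNTS = [1000, 1100, 1050, 980, 1020, 400, 380,   # week before
          1010, 1090, 200, 990, 2500, 410, 0]      # latest week
SAMPLE = {START + timedelta(days=i): c for i, c in enumerate(COUNTS)}

if __name__ == "__main__":
    for row in flag_deviations(timewrap_1w(SAMPLE, max(SAMPLE))):
        print(row["Day"], row["Latest_Date"], row["difference"])
```

On a firewall index, a large positive difference (a sharp drop) can mean a log source has gone quiet, while a large negative one marks a volume spike worth reviewing.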

Timewrap Command Reviewed by Avotrix.Author on Wednesday, January 09, 2019 Rating: 5
