Timewrap command – The timewrap command in Splunk is used to compare data over a specific time period, such as day-over-day or month-over-month. It can also compare multiple time periods, such as one two-week period against another two-week period.

Splunk command: | timechart count span=1d | timewrap 1week


  • The timewrap command is a reporting command.
  • Use the timechart command in the search before you use the timewrap command.

Basic example:

• Display a timechart comparing each day with the same day of the previous week:

| tstats count where index=asa groupby index,_time span=1d
| timechart span=1d avg(count) as eventcount
| timewrap 1w
| eval difference=eventcount_1week_before - eventcount_latest_week
| eval Date_before_1w=_time-604800
| eval Day=strftime(_time,"%A")
| table Day _time eventcount_latest_week Date_before_1w eventcount_1week_before difference
| rename _time as Latest_Date
| convert timeformat="%Y-%m-%d" ctime(*Date*)

[Screenshots: timewrap command in Splunk; timewrap command in Splunk output]

In the above example, we have an index "asa" that receives a lot of data. We compared that data using the timewrap command, which gives a trendline of 1-2 weeks of data along with the differences between the weeks.
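To make the pivot performed by the query above concrete, here is an added Python emulation (not Splunk's implementation and not part of the original post) that wraps daily counts into the same week-over-week columns and computes the same difference. It assumes weeks are counted back from the end of the newest bucket; the function name and the sample counts are constructed for illustration.

```python
from datetime import datetime, timezone

DAY, WEEK = 86400, 604800  # 604800 is the offset the query subtracts from _time

def _fmt(ts, pattern="%Y-%m-%d"):
    return datetime.fromtimestamp(ts, timezone.utc).strftime(pattern)

def timewrap_1w(buckets, span=DAY, period=WEEK):
    """Pivot (epoch, count) daily buckets into week-over-week rows.
    Assumption: weeks are counted back from the end of the newest bucket."""
    if not buckets:
        return []
    end = max(t for t, _ in buckets) + span
    rows = {}
    for t, count in buckets:
        k = (end - 1 - t) // period  # 0 = latest week, 1 = one week before
        if k > 1:
            continue  # older than the two weeks being compared
        name = "eventcount_latest_week" if k == 0 else "eventcount_1week_before"
        rows.setdefault(t + k * period, {})[name] = count
    table = []
    for latest_t in sorted(rows):
        latest = rows[latest_t].get("eventcount_latest_week")
        before = rows[latest_t].get("eventcount_1week_before")
        # A missing bucket leaves the difference empty instead of inventing a 0.
        diff = None if None in (latest, before) else before - latest
        table.append({
            "Day": _fmt(latest_t, "%A"),
            "Latest_Date": _fmt(latest_t),
            "eventcount_latest_week": latest,
            "Date_before_1w": _fmt(latest_t - period),
            "eventcount_1week_before": before,
            "difference": diff,
        })
    return table

# Constructed sample: 14 daily counts starting Monday 2024-01-01 UTC,
# with 2024-01-04 missing and an unusually busy 2024-01-10.
START = 1704067200
COUNTS = [1200, 1180, 1250, None, 1300, 400, 380,
          1210, 1190, 4800, 1220, 1290, 410, 390]
SAMPLE = [(START + i * DAY, c) for i, c in enumerate(COUNTS) if c is not None]

if __name__ == "__main__":
    for row in timewrap_1w(SAMPLE):
        print(row)
```

On the constructed sample, the Wednesday row stands out with a large negative difference, and the Thursday row has an empty difference because the earlier week has no bucket for that day.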
