Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to search data created before last 14 Business days?

wangzhaoyu
New Member
‎01-16-2019 01:43 AM

I have a set of data with "submit date" like "2019-Jan-16 17:42:00". How can I get data submitted before 14 Business days? Thanks!

Tags (2)
0 Karma
Reply

mayurr98
Super Champion
‎01-16-2019 02:28 AM

Hi Try this simple query

index=your_index latest=-14d@d earliest=0 NOT (date_wday=saturday OR date_wday=sunday)

let me know if this helps!

0 Karma
Reply

dkeck
Influencer
‎01-16-2019 01:58 AM

HI,

do you want all data older than 14 days , or the data that came in on the 14th day before today?

0 Karma
Reply

wangzhaoyu
New Member
‎01-16-2019 02:01 AM

Hi,

I want the number of all data older than 14 Business days. thanks!

0 Karma
Reply

dkeck
Influencer
‎01-16-2019 02:06 AM

try index=your_index latest=-14d@d earliest=0 | stats count

for a simple count

0 Karma
Reply

wangzhaoyu
New Member
‎01-16-2019 02:11 AM

Does "latest=-14d@d" mean last Business days? or last natural days? thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...