Database Reference
In-Depth Information
Putting days of the week in an alphabetical order
The previous screenshot is interesting, but you would probably like to format the result so
that the days of the week are in the normal weekday order instead of in alphabetical order.
To do this, you need to create two new fields:
DayOfWeekA
, that represents the alphabetic
day of the week, and
DayOfWeekN
, that represents the numerical day of the week. (We're
inventing the names of our new fields here.) We use a function,
strftime
, to evaluate the
_time
field and return the days of the week in the format we are looking for.
%A
specifies
the alphabetical day of the week, and
%u
specifies the numerical day of the week; the com-
bination here will give us our days in the proper order.
Note
For more information on this and other functions, refer to
http://docs.splunk.com/Docu-
Then we ask for the events to be sorted first by
DayofWeekN
(numerically), and then fol-
lowed by
DayOfWeekA
(alphabetically). The following code specifies this:
buttercupgames | eval DayOfWeekA=strftime(_time,"%A") | eval
DayOfWeekN=strftime(_time,"%u")| top 1 productId by
DayOfWeekN, DayOfWeekA
The result appears as follows:
