I have a csv import that has a date field (dd/mm/yyyy) that I want to be able to chart chronologically on the x axis in a graph in Splunk. However, when the field is sorted, it sorts the dates based on the dd and not the actual date e.g. 01/02/2016, 01/05/2016 instead of 01/02/2016, 03/02/2016 etc. How do I tell Splunk to recognise the field as a date and sort chronologically (there are no time stamps)?
As a second query, how do I group these dates up into weeks on a graph? I want to show all the dates between Monday and Sunday on the first week into Week 1, then those dates in Week 2 etc.
The end goal is to plot out a simple stacked bar chart where "Delivery Start _ Triage Date" is the date (grouped by week and plotted chronologically) along the x axis, and "Title" is counting the number of projects along the y axis. "Pipeline" is what I want to break the stacks into (it shows the office where these projects are taking place).
*index="pipedrive_modified" | sort by "Delivery Start _ Triage Date" | chart count("Title") over "Delivery Start _ Triage Date" by "Pipeline"*
![alt text][1]
![alt text][2]
Obviously I want this particular query to group dates by week and then plot them chronologically, but I would also love to know the logic behind / how to get Splunk to recognise fields as a date range and then sort them chronologically (without grouping them into weeks - as per my first query).
Thanks
[1]: /storage/temp/105218-datepipedrive.png
[2]: /storage/temp/105217-pipedrivesplunk.png
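One way to write the week grouping and chronological ordering in SPL, added here as an illustration and not taken from the post above (it assumes the date field is exactly "Delivery Start _ Triage Date" in dd/mm/yyyy, and that `Title` and `Pipeline` are plain field names as shown in the question):

```spl
index="pipedrive_modified"
| eval triage_epoch = strptime('Delivery Start _ Triage Date', "%d/%m/%Y")
| where isnotnull(triage_epoch)
| eval _time = relative_time(triage_epoch, "@w1")
| chart count(Title) over _time by Pipeline
| sort 0 _time
```

`strptime` turns the dd/mm/yyyy string into epoch seconds so the value sorts as a date rather than as text, `relative_time(..., "@w1")` snaps each date back to the Monday that starts its week (so Monday to Sunday land in one bucket), and charting over `_time` gives a chronological x-axis with one stack per week split by `Pipeline`. Rows whose date fails to parse are dropped by the `where` clause, so check the row count against the CSV if some values use a different format.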