Comparing week-over-week results

Comparing week-over-week results is a pain in Splunk. You have to do absurd math with crazy date calculations for even the simplest comparison of a single week to another week.

No more. I wrote a convenient search command called timewrap that does it all, for arbitrary time periods, over *multiple* periods (compare the last 5 weeks). Compare week-over-week, day-over-day, month-over-month, quarter-over-quarter, year-over-year, or any multiple (e.g. two week periods over two week periods). It also supports multiple series (e.g., min, max, and avg over the last few weeks).

After a ‘timechart’ command, just add “| timewrap 1w” to compare week-over-week, or use ‘h’ (hour), ‘m’ (month), ‘q’ (quarter), ‘y’ (year).

David Carasso
