rezamt · May 21, 2025 06:51
diff --git a/report.spl b/report.spl
 index=your_index_name sourcetype="your_sourcetype" IsInteractive=true
 | eval week=strftime(_time, "%U"), day=strftime(_time, "%Y-%m-%d")
 | eval Result=if(ResultType="0", "Success", "Failure")
 | eval weekLabel=case(relative_time(now(), "@w0") <= _time, "This Week", relative_time(now(), "-1w@w0") <= _time AND _time < relative_time(now(), "@w0"), "Last Week", "Other")
 | search weekLabel="This Week" OR weekLabel="Last Week"
 | stats count by day, weekLabel, Result
 | eval Label=case(Result="Success" AND weekLabel="This Week", "Current Success",
                  Result="Failure" AND weekLabel="This Week", "Current Failure",
                  Result="Success" AND weekLabel="Last Week", "Success Trend (Last Week)",
                  Result="Failure" AND weekLabel="Last Week", "Failure Trend (Last Week)")
 | timechart span=1d sum(count) as count by Label
	index=your_index_name sourcetype="your_sourcetype" IsInteractive=true
	\| eval week=strftime(_time, "%U"), day=strftime(_time, "%Y-%m-%d")
	\| eval Result=if(ResultType="0", "Success", "Failure")
	\| eval weekLabel=case(relative_time(now(), "@w0") <= _time, "This Week", relative_time(now(), "-1w@w0") <= _time AND _time < relative_time(now(), "@w0"), "Last Week", "Other")
	\| search weekLabel="This Week" OR weekLabel="Last Week"
	\| stats count by day, weekLabel, Result
	\| eval Label=case(Result="Success" AND weekLabel="This Week", "Current Success",
	Result="Failure" AND weekLabel="This Week", "Current Failure",
	Result="Success" AND weekLabel="Last Week", "Success Trend (Last Week)",
	Result="Failure" AND weekLabel="Last Week", "Failure Trend (Last Week)")
	\| timechart span=1d sum(count) as count by Label