forked from JustinAzoff/splunk-scripts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
makeyearly.py
executable file
·62 lines (47 loc) · 1.55 KB
/
makeyearly.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#!/usr/bin/env python
"""make yearly - collapse yearly data on top of itself for reporting multiple
years on a single overlayed chart
You can accomplish a similar thing with
| convert timeformat="%m-%d" ctime(_time) as day | chart sum(clients) by day,date_year
but if your data follows a monday-friday usage pattern, this chart will not look right
"""
import sys,splunk.Intersplunk
import datetime
import time
now = datetime.date.today()
day=datetime.timedelta(days=1)# so the weekday stays the same
def add_years(d, cutoff):
added=4
while d.year < now.year:
d += day*364
added+=1
if added == 7:
d += day*7
added=0
d -= 364*day
if d.month <= cutoff:
d += day*364
return d
def get_results():
keywords, options = splunk.Intersplunk.getKeywordsAndOptions()
cutoff = int(options.get('cutoff', 0))
results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
data = []
for r in results:
ts = r["_time"]
d = datetime.date.fromtimestamp(int(ts))
tm = add_years(d, cutoff)
if d.month > cutoff:
r["year"] = d.year
else:
r["year"] = d.year-1
r["_time"] = tm.strftime("%s")
results.sort(key=lambda x: x['_time'],reverse=True)
return results
try:
results = get_results()
except:
import traceback
stack = traceback.format_exc()
results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))
splunk.Intersplunk.outputResults( results )