topic Re: How do you use the stats command on a timechart output? in Splunk Dev https://community.splunk.com/t5/Splunk-Dev/How-do-you-use-the-stats-command-on-a-timechart-output/m-p/437859#M7917 <P>Where do you get that <CODE>by Date</CODE> from? That <CODE>Date</CODE> field doesn't exist (at least not given the exact query you are showing here).</P> <P>If you want to get the max per-second-count by day, try it like this:</P> <PRE><CODE>...base_query | timechart span=1s count(field_1) as c by field_2 | bin _time span=1d | stats max(c) by _time </CODE></PRE> Mon, 17 Dec 2018 10:24:18 GMT FrankVl 2018-12-17T10:24:18Z How do you use the stats command on a timechart output? https://community.splunk.com/t5/Splunk-Dev/How-do-you-use-the-stats-command-on-a-timechart-output/m-p/437858#M7916 <P>Hi,</P> <P>i wanted to calculate a count for every 1 sec period and then find the max of the count per day.</P> <P>i have calculated the count using timechart function.Using query below:</P> <P>1)..base_query|timechart span=1s count(field_1) as c by field_2</P> <P>The output of the above query gives a count every 1 second.</P> <P>Now to calculate the max of count per day. i tried using stats:</P> <P>2)..base_query|timechart span=1s count(field_1) as c by field_2|stats max(c) by Date</P> <P>But, the 2nd query does not give desired output.</P> <P>Thanks in Advance!!!</P> Tue, 29 Sep 2020 22:24:48 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-you-use-the-stats-command-on-a-timechart-output/m-p/437858#M7916 asharm65 2020-09-29T22:24:48Z Re: How do you use the stats command on a timechart output? https://community.splunk.com/t5/Splunk-Dev/How-do-you-use-the-stats-command-on-a-timechart-output/m-p/437859#M7917 <P>Where do you get that <CODE>by Date</CODE> from? That <CODE>Date</CODE> field doesn't exist (at least not given the exact query you are showing here).</P> <P>If you want to get the max per-second-count by day, try it like this:</P> <PRE><CODE>...base_query | timechart span=1s count(field_1) as c by field_2 | bin _time span=1d | stats max(c) by _time </CODE></PRE> Mon, 17 Dec 2018 10:24:18 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-you-use-the-stats-command-on-a-timechart-output/m-p/437859#M7917 FrankVl 2018-12-17T10:24:18Z Re: How do you use the stats command on a timechart output? https://community.splunk.com/t5/Splunk-Dev/How-do-you-use-the-stats-command-on-a-timechart-output/m-p/437860#M7918 <P>This does not give any output</P> Wed, 19 Dec 2018 11:48:45 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-you-use-the-stats-command-on-a-timechart-output/m-p/437860#M7918 asharm65 2018-12-19T11:48:45Z Re: How do you use the stats command on a timechart output? https://community.splunk.com/t5/Splunk-Dev/How-do-you-use-the-stats-command-on-a-timechart-output/m-p/437861#M7919 <P>Can you share the actual search you are running which doesn't give output and / or a screenshot of the situation?</P> Wed, 19 Dec 2018 12:02:04 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-you-use-the-stats-command-on-a-timechart-output/m-p/437861#M7919 FrankVl 2018-12-19T12:02:04Z