https://community.splunk.com/t5/Getting-Data-In/How-to-combine-events-which-got-generated-in-a-specific-span/m-p/616266#M106478 <P>Hi Team,<BR /><BR />Im trying to combine events which are generated in a specific span of 1hr and show the count as 1 instead of the actual count. I tried with a bucket and its clubbing them the count is still not coming to 1.<BR />Irrespective of how many events has been geenrated for a specific condition in a span of 1hr I want to keep it as count 1. Can someone help on how to achieve this .Thanks</P> Fri, 07 Oct 2022 14:19:35 GMT kranthimutyala 2022-10-07T14:19:35Z https://community.splunk.com/t5/Getting-Data-In/How-to-combine-events-which-got-generated-in-a-specific-span/m-p/616266#M106478 <P>Hi Team,<BR /><BR />Im trying to combine events which are generated in a specific span of 1hr and show the count as 1 instead of the actual count. I tried with a bucket and its clubbing them the count is still not coming to 1.<BR />Irrespective of how many events has been geenrated for a specific condition in a span of 1hr I want to keep it as count 1. Can someone help on how to achieve this .Thanks</P> Fri, 07 Oct 2022 14:19:35 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-combine-events-which-got-generated-in-a-specific-span/m-p/616266#M106478 kranthimutyala 2022-10-07T14:19:35Z https://community.splunk.com/t5/Getting-Data-In/How-to-combine-events-which-got-generated-in-a-specific-span/m-p/616270#M106479 <P>Please share the search you have tried to solve this, preferably in a code block (use the &lt;/&gt; formatting button)</P> Fri, 07 Oct 2022 06:27:38 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-combine-events-which-got-generated-in-a-specific-span/m-p/616270#M106479 ITWhisperer 2022-10-07T06:27:38Z https://community.splunk.com/t5/Getting-Data-In/How-to-combine-events-which-got-generated-in-a-specific-span/m-p/616281#M106480 <P>index = abc Environment = "PROD" ProcessName = "*"&nbsp; LogType = "*" TaskName = "*Main*" (LogLevel=ERROR OR LogLevel=FATAL) | bucket _time span=2h |stats count by _time TaskName</P> Fri, 07 Oct 2022 07:44:44 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-combine-events-which-got-generated-in-a-specific-span/m-p/616281#M106480 kranthimutyala 2022-10-07T07:44:44Z https://community.splunk.com/t5/Getting-Data-In/How-to-combine-events-which-got-generated-in-a-specific-span/m-p/616299#M106482 <P>Your stats command is counting the events in the pipeline and creating stats events - try counting these stats events with the same by clause</P><LI-CODE lang="markup">index = abc Environment = "PROD" ProcessName = "*" LogType = "*" TaskName = "*Main*" (LogLevel=ERROR OR LogLevel=FATAL) | bucket _time span=2h |stats count by _time TaskName |stats count by _time TaskName</LI-CODE> Fri, 07 Oct 2022 10:12:46 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-combine-events-which-got-generated-in-a-specific-span/m-p/616299#M106482 ITWhisperer 2022-10-07T10:12:46Z