https://community.splunk.com/t5/Splunk-Search/How-to-do-stats-count-for-different-day/m-p/654211#M226058 <LI-CODE lang="markup">your search | bin _time span=1d | stats count by _time field1 field2 field3</LI-CODE><P>also you will need your time range window to cover the time range you are interested in</P><P>The&nbsp;<STRONG>timechart&nbsp;</STRONG> command may also be useful</P> Mon, 14 Aug 2023 02:31:53 GMT bowesmana 2023-08-14T02:31:53Z https://community.splunk.com/t5/Splunk-Search/How-to-do-stats-count-for-different-day/m-p/654210#M226057 <P>| stats count by field1&nbsp;field1 field2 field3 only show yesterday count,&nbsp; how can I&nbsp; show count1 for yesterday, count2 for 2-day ago, count3 for 3-day ago,</P> <P>shown as following</P> <P>field1&nbsp; &nbsp;field2 field3 count1 count2 coun3</P> Mon, 14 Aug 2023 17:40:03 GMT https://community.splunk.com/t5/Splunk-Search/How-to-do-stats-count-for-different-day/m-p/654210#M226057 rick1168 2023-08-14T17:40:03Z https://community.splunk.com/t5/Splunk-Search/How-to-do-stats-count-for-different-day/m-p/654211#M226058 <LI-CODE lang="markup">your search | bin _time span=1d | stats count by _time field1 field2 field3</LI-CODE><P>also you will need your time range window to cover the time range you are interested in</P><P>The&nbsp;<STRONG>timechart&nbsp;</STRONG> command may also be useful</P> Mon, 14 Aug 2023 02:31:53 GMT https://community.splunk.com/t5/Splunk-Search/How-to-do-stats-count-for-different-day/m-p/654211#M226058 bowesmana 2023-08-14T02:31:53Z https://community.splunk.com/t5/Splunk-Search/How-to-do-stats-count-for-different-day/m-p/654212#M226059 <P>Could timechart multiple fields and time window in column?</P> Mon, 14 Aug 2023 02:58:20 GMT https://community.splunk.com/t5/Splunk-Search/How-to-do-stats-count-for-different-day/m-p/654212#M226059 rick1168 2023-08-14T02:58:20Z https://community.splunk.com/t5/Splunk-Search/How-to-do-stats-count-for-different-day/m-p/654214#M226060 <P>No timechart is only a single split field, but I mentioned it in case it was relevant.</P><P>The stats command with _time and the bin command should do the trick for you.</P> Mon, 14 Aug 2023 03:01:19 GMT https://community.splunk.com/t5/Splunk-Search/How-to-do-stats-count-for-different-day/m-p/654214#M226060 bowesmana 2023-08-14T03:01:19Z https://community.splunk.com/t5/Splunk-Search/How-to-do-stats-count-for-different-day/m-p/654227#M226069 <LI-CODE lang="markup">| bin _time span=1d | stats count by _time field1 field2 field3 | eventstats values(_time) as dates | eval day=mvfind(dates, _time)+1 | eval count{day} = count | fields - count dates day _time | stats values(*) as * by field1 field2 field3</LI-CODE> Mon, 14 Aug 2023 06:16:08 GMT https://community.splunk.com/t5/Splunk-Search/How-to-do-stats-count-for-different-day/m-p/654227#M226069 ITWhisperer 2023-08-14T06:16:08Z https://community.splunk.com/t5/Splunk-Search/How-to-do-stats-count-for-different-day/m-p/654619#M226160 <P><FONT>它有效</FONT>. thanks</P> Thu, 17 Aug 2023 08:05:09 GMT https://community.splunk.com/t5/Splunk-Search/How-to-do-stats-count-for-different-day/m-p/654619#M226160 rick1168 2023-08-17T08:05:09Z