All Apps and Add-ons

Error count between two times for last 3 days by using timewrap

New Member

Number of error count between 2.30 AM 4.30 AM for last 3 days to compare the count by using "timewrap" command

Output should be below : please provide by using only "timewrap"

_time 2daysbefore 1daybefore Today

7/25/2018 2.30 AM 3500 2300 9878

7/25/2018 3.30 AM 2300 2465 6756

7/25/2018 4.30 AM 3213 2345 6543

Tags (1)
0 Karma

Champion

The search sentence became redundant, but ...
Easier if it is in units of 30 minutes or 00 minutes.

(your search) earliest=-2d@d
|timechart span=30m count
|eval hhmm=strftime(_time,"%H:%M"),date=strftime(_time,"%Y-%m-%d")
|where hhmm>="02:30" AND hhmm<="16:30"
|eval hhmm=if(substr(hhmm,4,2)="00",substr(hhmm,1,3)+"30",hhmm)
|stats sum(count) as count ,max(_time) as _time by date,hhmm
|fields - date,hhmm
|timewrap 1day
0 Karma