All Apps and Add-ons

Graph the Highest hits in a 5 minute interval per day split by a field

yechoorv
Explorer

I want to create a graph that graphs the hits of the 5 minute interval with the maximum hits on that day. I also want to split this up by a field called MethodName:

Something like

source:__ | timechart count as hits span=5m | timechart max(hits)

That is the graph I need, but I need to split this by the field: "MethodName"

Any suggestions?

Tags (3)
1 Solution

dwaddle
SplunkTrust
SplunkTrust

Here's an approach that looks like it should work, using Splunk's internal data as an example:

index=_internal 
| bucket span=1m _time 
| stats count by _time,source 
| timechart span=1d max(count) by source

View solution in original post

dwaddle
SplunkTrust
SplunkTrust

Here's an approach that looks like it should work, using Splunk's internal data as an example:

index=_internal 
| bucket span=1m _time 
| stats count by _time,source 
| timechart span=1d max(count) by source

yechoorv
Explorer

Worked perfectly thanks!

Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...