I have the following search as I'm trying to compare yesterday's count to today's count per hour and I am seeing events per hour for latest_day, but no events per hour for today
index=foo
| timechart count span=1h
| timewrap 1d
Is the fact that I have the span set to 1h and timewrap set to 1d an issue?
Here is what I see:
Thx
I know this sounds dumb, but is your time frame set to something longer than 1 day? If you have your time frame set to one day, that's exactly what it'll do. Try changing it to "last 7 days" or something.
and latest_day means today 1day_before means yesterday and so on
let me know if this solves your problem:
happy splunking 🙂
I know this sounds dumb, but is your time frame set to something longer than 1 day? If you have your time frame set to one day, that's exactly what it'll do. Try changing it to "last 7 days" or something.
and latest_day means today 1day_before means yesterday and so on
let me know if this solves your problem:
happy splunking 🙂
Not dumb at all as I'm sure that has killed many search!
I do have the time picker set to "Last 24 hours". Changing it to "Last 7 days," I'm still not seeing what I would expect. It's not breaking down yesterday's event count per hour, just providing an overall count for the day.
Thx
Apologizes as diving into this more I finally realized your point on making sure the time picker is set correctly. Once I got that right, everything worked expected.
Thx again for the help!
but it is working perfectly fine at my end :
Try downloading this app and run the search again.
https://splunkbase.splunk.com/app/1645/
Try and let me know
I do have the app installed already
Thx
run this search for yesterday
index=foo
and see if you getting events for 24hrs? according to graph there is no data @yesterday except at 13 PM .
I have 1,087,163 million events for yesterday:
_time
count
2018-01-09 00:00 65
2018-01-09 01:00 57
2018-01-09 02:00 38
2018-01-09 03:00 12
2018-01-09 04:00 3
2018-01-09 05:00 71
2018-01-09 06:00 11
2018-01-09 07:00 6
2018-01-09 08:00 1701
2018-01-09 09:00 48821
2018-01-09 10:00 46659
2018-01-09 11:00 68360
2018-01-09 12:00 76469
2018-01-09 13:00 83794
2018-01-09 14:00 81029
2018-01-09 15:00 85605
2018-01-09 16:00 84611
2018-01-09 17:00 90232
2018-01-09 18:00 93578
2018-01-09 19:00 88134
2018-01-09 20:00 86039
2018-01-09 21:00 73613
2018-01-09 22:00 48728
2018-01-09 23:00 29527