I am really new to Splunk. Can someone please help me? I need to calculate the number of requests hitting our host. Below is what is written every 15 minutes for one day in the log. I am already using "Secure ABC" | search source = host, which filters and gives the below format, but I need to calculate the actual count (2345678-2340000), which is 5678 hitting in 15 minutes. Likewise, I have to find the count for the whole day from the log. Any idea how to find the difference?
Here is the regex for extracting the field with the Field Extractor (Hits):
(?i) ABC : (?P<Hits>.+)
And here is the statement I put in the search field:
| table date_month date_mday date_hour date_minute Hits | delta Hits as tempdiff | eval Difference=tempdiff*(-1)
I am first creating a table to display the time and the extracted field, which I called "Hits". Then I calculated the difference using the delta command. To remove the negative prefix, I multiplied the field by -1.
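The daily total the question asks for can be built on the same delta approach. The search below is an added example, not part of the original posts. It assumes the log line carries a cumulative numeric counter after "ABC : " (so the extraction uses \d+ rather than .+), sorts events oldest-first so each delta is already positive, and discards the negative delta that a counter restart would produce. The output field names Difference and DailyHits are illustrative.

```spl
"Secure ABC" | search source = host
| rex "(?i) ABC : (?P<Hits>\d+)"
| sort 0 _time
| delta Hits as Difference
| where Difference >= 0
| timechart span=1d sum(Difference) as DailyHits
```

Replacing span=1d with span=15m gives the per-interval counts instead of the daily sum.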