Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

count duplicates with results in single value with trendline

Mike6960
Path Finder
‎02-28-2018 12:02 AM

I want to count duplicates of certain fields in my data. I am using this search:

..mysearch...| chart count(O_D) as "B_D" by G_B span=1d
| where B_D >1
|stats count ("B_D")

This gives the result I want, but I want to present this in a single value with a trendline. I tried replacing chart with timechart but then the result ends in 0

Tags (1)
0 Karma
Reply

HiroshiSatoh
Champion
‎02-28-2018 12:17 AM

timechart uses _time. Do _time exist in the previous result?

If you use the time chart, this field name will also be changed. Please also check the field name.

0 Karma
Reply

Mike6960
Path Finder
‎02-28-2018 12:23 AM

what previous result do you mean? Which field name do you mean? If i run my search, i still see _time in my raw events

0 Karma
Reply

HiroshiSatoh
Champion
‎02-28-2018 12:42 AM

Can I provide changed search sentences?

0 Karma
Reply

Mike6960
Path Finder
‎02-28-2018 12:52 AM

Yes please

0 Karma
Reply

Mike6960
Path Finder
‎02-28-2018 02:40 AM

or did i understand you wrong?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...