Dashboards & Visualizations

How to know the number of events processed in a dashboard?

zacksoft
Contributor

Question1. I have a dashboard with multiple timecharts type query running with different logic and different preset times.
I want to know how many events were processed as a part of that chart to run. And if possible can I have that value see in that same dashboard?

Question2. I want a query that should be able to tell me how many events are there in a specific time period I choose. e.g. 25th Aug from 10 to 14 or something like 15th August all day. possibly in a timechart visualization like monday = 30000 events, tuesday = 45666 events .....etc.. in a line chart

0 Karma

inventsekar
SplunkTrust
SplunkTrust

the timechart command will do this task...

*|timechart span=1d count

alt text
alt text

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

zacksoft
Contributor

Thanks @inventsekar . Any idea about the first question?
How do I know the number of events processed to have the chart run ?

0 Karma

zacksoft
Contributor

After a query has run and given me an output in a chart in a dashboard. How do I know the number of events that were processed for that SPL query. @inventsekar

0 Karma

inventsekar
SplunkTrust
SplunkTrust

i am not much getting your query...
maybe, you can copy paste the dashboard query..
or, you can create an alert with the same splunk query and email you the results..

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma

zacksoft
Contributor

@inventsekar Let me give an example.

There is timechart query running in my dashboard and the query essentially gives me the average response time of requests with a span=1d over last 24 hours in a line chart format. And the query runs absolutely fine with no error.
What I am interested here to know is, "as a part of this query execution how many events were processed" ? OR what are the number of events that were used by the query ?

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...