Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Sum last count over servers and time chart

n0cturne
Loves-to-Learn
‎07-02-2021 02:31 AM

Hello,

I have 5 Servers. Every server has an actual count of user sessions. I want them to sum up, without loosing the trend funcion in the single value chart. 

This is my actual query:

 

 

index=ascrm sourcetype=jmx NumUiSessions=* host IN (z1il0095*,z1il0096*,z1il0097*,z1il0098*)
| stats latest(NumUiSessions) as latest_NumUiSessions by host
| stats sum(latest_NumUiSessions) AS UISessions

 

 

 Could anyone give me a clou?

Best regards

Benjamin

Labels (2)
Labels
0 Karma
Reply

n0cturne
Loves-to-Learn
‎07-02-2021 03:27 AM

I want to trend against the value x hours ago. I have a time picker with token. This time token shoul be used to define x.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎07-02-2021 03:37 AM

Something like this?

index=ascrm sourcetype=jmx NumUiSessions=* host IN (z1il0095*,z1il0096*,z1il0097*,z1il0098*)
| bin _time span=1h
| stats latest(NumUiSessions) as latest_NumUiSessions by host _time
| streamstats sum(latest_NumUiSessions) AS UISessions by _time
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎07-02-2021 02:40 AM

What are you trending against, because you currently only have one value remaining?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...