Reporting

How do I add the date to each data point to the report

daleydlin
Loves-to-Learn

I am creating a dashboard to collect the past 30 days of data of countries and hits. 

I am new to Splunk dashboard's/report/analytics. I've learned to use splunk the past 5 days and running a query is equivalent to coding in "Splunk" similar to how creating a dashboard in "ServiceNow" is coding in ServiceNow. 

I need to know what to enter into my query to create a new column with the date of each data point. It's a simple ask and I cannot find the answer anywhere on your forum or documentation. 

Labels (1)
Tags (1)
0 Karma

mztopp
Explorer

I'm not sure what search you are using at the moment, but here is a generic example of what I believe you are asking: <search here> | stats count by _time, field1, field2

This would result in:

_time                                                    field1                         field2                     count

-------------------------------------------------------------------------------------------------------------

2021-02-08 17:00:00                  ex1                            ex2                                1

0 Karma

daleydlin
Loves-to-Learn

The query I am modifying that somebody else wrote is:

index=default-ap1 sourcetype="Service-cb152a4c4e694c9f9f74b261f0a8e909-prod-*" magic_bits | eval is_tamp=if(magic_bits!=0 AND magic_bits!=1, "tamp request", "gen request") | search is_tamp="tamp request" | iplocation request_client_ip | top limit=100 Country

 

 

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...