Reporting

How do I add the date to each data point to the report

daleydlin
Loves-to-Learn

I am creating a dashboard to collect the past 30 days of data of countries and hits. 

I am new to Splunk dashboard's/report/analytics. I've learned to use splunk the past 5 days and running a query is equivalent to coding in "Splunk" similar to how creating a dashboard in "ServiceNow" is coding in ServiceNow. 

I need to know what to enter into my query to create a new column with the date of each data point. It's a simple ask and I cannot find the answer anywhere on your forum or documentation. 

Labels (1)
Tags (1)
0 Karma

mztopp
Explorer

I'm not sure what search you are using at the moment, but here is a generic example of what I believe you are asking: <search here> | stats count by _time, field1, field2

This would result in:

_time                                                    field1                         field2                     count

-------------------------------------------------------------------------------------------------------------

2021-02-08 17:00:00                  ex1                            ex2                                1

0 Karma

daleydlin
Loves-to-Learn

The query I am modifying that somebody else wrote is:

index=default-ap1 sourcetype="Service-cb152a4c4e694c9f9f74b261f0a8e909-prod-*" magic_bits | eval is_tamp=if(magic_bits!=0 AND magic_bits!=1, "tamp request", "gen request") | search is_tamp="tamp request" | iplocation request_client_ip | top limit=100 Country

 

 

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...