- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do I add the date to each data point to the report
I am creating a dashboard to collect the past 30 days of data of countries and hits.
I am new to Splunk dashboard's/report/analytics. I've learned to use splunk the past 5 days and running a query is equivalent to coding in "Splunk" similar to how creating a dashboard in "ServiceNow" is coding in ServiceNow.
I need to know what to enter into my query to create a new column with the date of each data point. It's a simple ask and I cannot find the answer anywhere on your forum or documentation.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not sure what search you are using at the moment, but here is a generic example of what I believe you are asking: <search here> | stats count by _time, field1, field2
This would result in:
_time field1 field2 count
-------------------------------------------------------------------------------------------------------------
2021-02-08 17:00:00 ex1 ex2 1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The query I am modifying that somebody else wrote is:
index=default-ap1 sourcetype="Service-cb152a4c4e694c9f9f74b261f0a8e909-prod-*" magic_bits | eval is_tamp=if(magic_bits!=0 AND magic_bits!=1, "tamp request", "gen request") | search is_tamp="tamp request" | iplocation request_client_ip | top limit=100 Country
