Re: Report results for each hour in a day

kvaga · ‎01-18-2019

Hello! I have a report and wanna have results for each hour for the last day (last 24 hours).
I.e. it would be like this:

00:00 - 00:59 - result 1
01:00 - 01:59 - result 2
...
23:00-23:59 - result 24

And I have a dashboard where I want to see my 24 last results.
How can I do it?

nvanderwalt_spl · ‎01-20-2019

You can do the following:

|bin _time span=1h
|eval timerange = strftime(_time, "%H:%M - %H:59")
|stats count by timerange

woodcock · ‎01-20-2019

You should use timechart span=1h to generate your tabular data and then do | head 24 at the end to only keep the last 24 hours.

dkeck · ‎01-19-2019

Hi

A good way to get results over time is

|timechart

Something like your search earliest=-24h| timechart span=1h count
Then you can display that as chart or diagram

kvaga · ‎01-20-2019

My data visualization type is a table. I have a dashbord and want to have there all 24 reports. I.e. a result for each hour

dkeck · ‎01-20-2019

Can post your search query?

Report results for each hour in a day