Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Displaying results of same search over period of time

mo86
New Member
‎08-30-2018 06:42 AM

I have the following search and am looking to display its results over the past 30 days. It currently shows the results but only the current day is accurate. Any advice would be much appreciated...

index=data NOT ID="" earliest=-30d@d latest=now|regex name!="[a-z]."|dedup id2|timechart span=1d count

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-30-2018 10:16 AM

You probably don't need dedup. Try this search:

index=data NOT ID="" earliest=-30d@d latest=now|regex name!="[a-z]."|timechart span=1d dc(id2) as count
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎08-30-2018 07:27 AM

It currently shows the results but but only the current day is accurate///
more details required.. may we know how you say that only current day is accurate, the older day logs are loaded properly or any issues?!?!

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

mo86
New Member
‎08-30-2018 07:40 AM

I believe there is something wrong with the dedup. Today shows the correct value and the day before shows a number, in this case 3. When I remove dedup all the results are off by 3.

0 Karma
Reply

mo86
New Member
‎08-30-2018 08:05 AM

Is there any way I can break up the search to make it dedup by one day at a time not across the whole thing?

0 Karma
Reply
Get Updates on the Splunk Community!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...