For example,
Date     Max_No  Time
7/2/14   75      13:00:00
7/1/14   66      18:00:00
index=login service=abc | timechart span="1h" dc(memberno) | rename dc(memberno) as users | sort - users | head 1
I want to split the events into bins of 1 hr for each day and find the distinct count of them for each hour. Once I do that, I need to find the max for that day (out of the 24 bins). The above query gives me the maximum count for any given day, but I want to extend it to the last 90 days. How can I do that? I want to plot a graph for the same.
Try this:
index=login service=abc earliest=-90d@d | timechart span="1h" dc(memberno) as users | timechart span=1d max(users)
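The query in the answer charts the daily peak but drops the hour in which it occurred, which the sample table in the question includes. The following is an added example, not part of the original answer, that returns one row per day with the peak hourly distinct count and the hour it fell in. The output field names Date, Max_No and Time are taken from the question's table, and resolving ties within a day to the earliest hour is an assumption.

```spl
index=login service=abc earliest=-90d@d
| bin _time span=1h
| stats dc(memberno) as users by _time
| eval Date=strftime(_time, "%m/%d/%y")
| eventstats max(users) as Max_No by Date
| where users=Max_No
| sort 0 _time
| dedup Date
| eval Time=strftime(_time, "%H:%M:%S")
| table Date Max_No Time
```

Hours with no login events produce no row from `stats`, which does not affect the daily maximum.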