How to get the count by days? - Splunk Community

Splunk Enterprise

Query:
index=apl-app-grap sourcetype=grap:apps source=*applications* host=xxxxxx
|rex field =_raw "\|rank\:(?<Report>.*?)\|"
|eval Pass=if(Report="0", "Pass", null())
|stats count(Pass) as Passed_Count
output:

Passed_Count

700

But i need the output for day wise, suppose if i select 7 days i should get 7 rows (showing each day count) like shown below:

Passed_Count
100
100
100
100
100
100
100

index=apl-app-grap  sourcetype=grap:apps source=*applications*  host=xxxxxx
|rex field =_raw "\|rank\:(?<Report>.*?)\|"
|eval Pass=if(Report="0", "Pass", null())
|bin span=1d _time
|stats count(Pass) as Passed_Count by _time

Get Updates on the Splunk Community!

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...