Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

help on timechart

jip31
Motivator
‎01-28-2022 01:14 AM

hello

I need to do a timechart from a stats count 

this stats count is used to pre filter events (sante=OK)

index=toto sourcetype=tutu 
| stats count(hang) as hang, count(crash) as crash, count(web) as web by site 
| eval sante=if((hang>5) AND (crash>2) AND (webduration>=1), "OK","KO")   
| search sante=OK

 Now I wonder how to do to timechart these events?

Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎01-28-2022 01:30 AM

Your stats command needs to include some sort of time element

index=toto sourcetype=tutu 
| bin _time span=1h
| stats count(hang) as hang, count(crash) as crash, count(web) as web by _time site 
| eval sante=if((hang>5) AND (crash>2) AND (webduration>=1), "OK","KO")   
| search sante=OK

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎01-28-2022 01:30 AM

Your stats command needs to include some sort of time element

index=toto sourcetype=tutu 
| bin _time span=1h
| stats count(hang) as hang, count(crash) as crash, count(web) as web by _time site 
| eval sante=if((hang>5) AND (crash>2) AND (webduration>=1), "OK","KO")   
| search sante=OK
0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...