Apache GET requests - include total count and sub ...

hharvey · ‎12-06-2013

I've got a line chart to display a count of GET requests for URLS/product name over time. Pretty straight forward search:

index=apache sourcetype=app_access "/products/" | timechart  span=1m count by productname

I've also got a line chart of total GET requests over time:

index=apache sourcetype=app_access "/products/" | timechart span=1m count

Can I combine these two searches into one timechart (line chart, I'm not interested in a stacked column) so that lines for each product AND a line for the total are displayed at once. Feel like this should be easy, but I haven't stumbled on the answer yet!

asimagu · ‎12-09-2013

there can be several approaches, the overlay view with advanced XML as a complex solution and something easier depending on how flexible you are on how you want the data displayed.

I would try first by appending | addtotals to your timechart by product

Check out the command options in the documentation to make it work the way you want 😉

Apache GET requests - include total count and sub counts on same chart

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation