Re: Apache GET requests - include total count and ...

hharvey · ‎12-06-2013

I've got a line chart to display a count of GET requests for URLS/product name over time. Pretty straight forward search:

index=apache sourcetype=app_access "/products/" | timechart  span=1m count by productname

I've also got a line chart of total GET requests over time:

index=apache sourcetype=app_access "/products/" | timechart span=1m count

Can I combine these two searches into one timechart (line chart, I'm not interested in a stacked column) so that lines for each product AND a line for the total are displayed at once. Feel like this should be easy, but I haven't stumbled on the answer yet!

asimagu · ‎12-09-2013

there can be several approaches, the overlay view with advanced XML as a complex solution and something easier depending on how flexible you are on how you want the data displayed.

I would try first by appending | addtotals to your timechart by product

Check out the command options in the documentation to make it work the way you want 😉

Apache GET requests - include total count and sub counts on same chart

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation