Re: Apache GET requests - include total count and ...

hharvey · ‎12-06-2013

I've got a line chart to display a count of GET requests for URLS/product name over time. Pretty straight forward search:

index=apache sourcetype=app_access "/products/" | timechart  span=1m count by productname

I've also got a line chart of total GET requests over time:

index=apache sourcetype=app_access "/products/" | timechart span=1m count

Can I combine these two searches into one timechart (line chart, I'm not interested in a stacked column) so that lines for each product AND a line for the total are displayed at once. Feel like this should be easy, but I haven't stumbled on the answer yet!

asimagu · ‎12-09-2013

there can be several approaches, the overlay view with advanced XML as a complex solution and something easier depending on how flexible you are on how you want the data displayed.

I would try first by appending | addtotals to your timechart by product

Check out the command options in the documentation to make it work the way you want 😉

Apache GET requests - include total count and sub counts on same chart

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

Apache GET requests - include total count and sub counts on same chart

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem