Re: Apache GET requests - include total count and ...

hharvey · ‎12-06-2013

I've got a line chart to display a count of GET requests for URLS/product name over time. Pretty straight forward search:

index=apache sourcetype=app_access "/products/" | timechart  span=1m count by productname

I've also got a line chart of total GET requests over time:

index=apache sourcetype=app_access "/products/" | timechart span=1m count

Can I combine these two searches into one timechart (line chart, I'm not interested in a stacked column) so that lines for each product AND a line for the total are displayed at once. Feel like this should be easy, but I haven't stumbled on the answer yet!

asimagu · ‎12-09-2013

there can be several approaches, the overlay view with advanced XML as a complex solution and something easier depending on how flexible you are on how you want the data displayed.

I would try first by appending | addtotals to your timechart by product

Check out the command options in the documentation to make it work the way you want 😉

Apache GET requests - include total count and sub counts on same chart

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Apache GET requests - include total count and sub counts on same chart

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!