Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Chart Android over Iphone apache logs

daniel333
Builder
‎12-03-2013 03:26 PM

so I have

index=apache useragent=android | timechart etc etc
index=apache useragent=iphone | timechart etc etc

but what I want to do is group by platform. Basically I want a line for iphone, android, mac, windows. How can I limit my user agents to be grouped by platform?

index=apache | timechart status by useragent

Reply

kristian_kolb
Ultra Champion
‎12-03-2013 04:30 PM

You might be wanting;

... | timechart count by useragent

Possibly you also want to control the size of the time slices used by the timechart, with the use of span=<span>

Read more in the docs.

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Timechart

/K

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...