Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Count per minute over 7 day period, graphed

pontorito
Explorer
‎06-09-2014 01:28 PM

I am trying to graph distinct count per minute over a 7-day period. I have a search that will give me the correct results, but when I graph the results, they are truncated. I understand splunk will only plot a max number of points, but is there any way I can "squeeze" the visualization to show me a 7-day period and still give me the granularity of 1-minute aggregations so I can see peaks and lows within each day? I am using Hunk.

This is the current search I am using:

index = myIndex eventName
| timechart span=1m dc(myField) by myType

thx for the help!

0 Karma
Reply

somesoni2
Revered Legend
‎06-09-2014 01:43 PM

Try this

  index = myIndex eventName |bucket span=1m _time | stats dc(myField) as uniqueMyField by myType, _time | timechart span=10m avg(uniqueMyField) as uniqueMyField by myType
Reply

somesoni2
Revered Legend
‎06-10-2014 08:51 AM

Great. If there are no followup question around the same, please accept the answer and close the question.

0 Karma
Reply

pontorito
Explorer
‎06-10-2014 07:20 AM

Interesting workaround using 10m span and for now, I think this is the only way to get the info I need on the graph! Because of number of events, I had to increase span to 1h but I can still see the trend. Thanks!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...