Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Count the number of api occurrence in 10 second

JyotiP
Path Finder
‎09-27-2019 01:40 AM

I have the following API's, for which I need to count the occurrence of each in every 10 seconds for 1 hour time interval.

/api/login/v1/session
/api/data/v1/graphql
/api/order/v1/orders
/api/order/v1/states
/api/order/orderimporter/v1/importcsv
/api/order/orderimporter/v1/promote
/api/order/orderimporter/v1/stagingOrder
/api/order/v3/graphql
/api/order/desk/v2/quickSend
/api/order/v1/desk/Batch/sync
/api/order/v1/Orders/sync

I tried with 

host=*localhost* Path=*** sourcetype=nginx 
| where Path in ("/api/platform/v1/session" OR "/api/coredata/v1/graphql" OR "/api/trading/v1/orders")
| table Path

But getting Error in 'where' command: Typechecking failed. 'OR' only takes boolean arguments

Basically I want the count of all the listed api in every 10 seconds for 1-hour interval.

Tags (2)
0 Karma
Reply

kmorris_splunk
Splunk Employee
Splunk Employee
‎09-27-2019 05:36 AM

Here is an example from some different data:

sourcetype=access_combined earliest=-60m
| bin _time span=10s
| timechart count by action

You might consider using Trellis visualization as well, which automatically creates a different line graph for each.
alt text

Preview file
109 KB
0 Karma
Reply

techiesid
SplunkTrust
SplunkTrust
‎09-27-2019 01:46 AM

It should be smething like below,

host=*localhost* Path=*** sourcetype=nginx 
 | search Path IN  ("/api/platform/v1/session" ,"/api/coredata/v1/graphql" , "/api/trading/v1/orders")
 | table Path
| timechart count span=10s

Sid

Reply

JyotiP
Path Finder
‎09-27-2019 02:13 AM

@techiesid this work fine without timechart count span=10s, when I use this no result is coming

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...