Solved: Re: Display time graph based on peak events over t...

d942725 · ‎02-17-2020

I have a use case where i need to plot the time graph, which shows the events count based on time. I must be able to see the graphical view of spike in the events I receive over time. I have some log similar to the one mentioned below:
{
@timestamp: 2020-02-04T13:46:41.274+00:00
domain: test
environment: dev
level: INFO
logger_name: com.test.practice.evthub.sse.impl.EventEncrypter
message: Published records to Kinesis stream
thread_name: main
}

Query: domain="test" environment="dev" logger_name="com.test.practice.evthub.sse.impl.EventEncrypter" message="Published records to Kinesis stream"|stats count by message
I tried using timechart function by passing the message as input but was getting some tabular format instead of graph plots. Can someone help me to do this query ?

to4kawa · ‎02-18-2020

domain="test" environment="dev" AND logger_name="com.test.practice.evthub.sse.impl.EventEncrypter" AND message="Published records to Kinesis stream"
|timechart count by message

Is this wrong?

View solution in original post

to4kawa · ‎02-18-2020

domain="test" environment="dev" AND logger_name="com.test.practice.evthub.sse.impl.EventEncrypter" AND message="Published records to Kinesis stream"
|timechart count by message

Is this wrong?

to4kawa · ‎02-18-2020

please acceptand close your issue.

Richfez · ‎02-19-2020

I moved your comment to an answer, and it seems pretty apparent the user accepts this, so I will accept for him.

d942725 · ‎02-18-2020

Yeah able to do and it works as expected.

Display time graph based on peak events over time || based on the log occurence i need to plot the graph over time

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?