Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Getting count per day for a specific splunk query

manish41711
Engager
‎10-05-2017 04:34 AM

I run index=hydra bu=dmg env="prod-*" ERROR everyday and record the count. I lost the statistics I had kept and would like to get them back. Is there a query that can help me do this? The query should get me the count of running the above query as if run daily (24 hr span).

Tags (1)
0 Karma
Reply

DalJeanis
Legend
‎10-05-2017 09:06 AM

@manish41711 - yes, that query will get your the daily figures. So would the following

 index=hydra bu=dmg env="prod-*" ERROR
 | bin _time span=1d
 | stats count as dailycount by _time
Reply

manish41711
Engager
‎10-05-2017 04:36 AM

Will this query help ? index=hydra bu=dmg env="prod-*" ERROR earliest=-90d@d latest=@d | timechart span=1d count

Reply

niketn
Legend
‎10-05-2017 05:28 AM

@manish41711, This query gets you daily aggregated count of "ERROR" events for last 90 days. Is this what you want?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...