Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Getting count per day for a specific splunk query

manish41711
Engager
‎10-05-2017 04:34 AM

I run index=hydra bu=dmg env="prod-*" ERROR everyday and record the count. I lost the statistics I had kept and would like to get them back. Is there a query that can help me do this? The query should get me the count of running the above query as if run daily (24 hr span).

Tags (1)
0 Karma
Reply

DalJeanis
Legend
‎10-05-2017 09:06 AM

@manish41711 - yes, that query will get your the daily figures. So would the following

 index=hydra bu=dmg env="prod-*" ERROR
 | bin _time span=1d
 | stats count as dailycount by _time
Reply

manish41711
Engager
‎10-05-2017 04:36 AM

Will this query help ? index=hydra bu=dmg env="prod-*" ERROR earliest=-90d@d latest=@d | timechart span=1d count

Reply

niketn
Legend
‎10-05-2017 05:28 AM

@manish41711, This query gets you daily aggregated count of "ERROR" events for last 90 days. Is this what you want?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...