Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Give me a count of all events but give me the date of the last event?

the_wolverine
Champion
‎01-31-2013 02:05 PM

I'm generating a table of event count (same events) but I want it to also return the timestamp of the last event. I can't figure out how to do it. Running stats count against timestamp will give me a single count for each timestamp.

timestamp,color,shape,count
?,blue,square,5
?,red,circle,15
?,yellow,triangle,12

Help?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎01-31-2013 02:09 PM 
... | stats count, latest(_time)

?

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎01-31-2013 02:09 PM 
... | stats count, latest(_time)

?

Reply
Solved! Jump to solution

the_wolverine
Champion
‎01-31-2013 02:39 PM

Thank you, Ayn!!!!!

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎01-31-2013 02:25 PM

Well then, stats count, latest(_time) by color,shape

Reply
Solved! Jump to solution

the_wolverine
Champion
‎01-31-2013 02:19 PM

I think I oversimplified my example. I have a few fields in there so there are a couple of eventtypes, actually.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...

Starting With Observability: OpenTelemetry Best Practices

Tech Talk Starting With Observability: OpenTelemetry Best Practices Tuesday, October 17, 2023   |  11AM PST / ...

Streamline Data Ingestion With Deployment Server Essentials

REGISTER NOW! Every day the list of sources Admins are responsible for gets bigger and bigger, often making ...