Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Give me a count of all events but give me the date of the last event?

the_wolverine
Champion
‎01-31-2013 02:05 PM

I'm generating a table of event count (same events) but I want it to also return the timestamp of the last event. I can't figure out how to do it. Running stats count against timestamp will give me a single count for each timestamp.

timestamp,color,shape,count
?,blue,square,5
?,red,circle,15
?,yellow,triangle,12

Help?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎01-31-2013 02:09 PM 
... | stats count, latest(_time)

?

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎01-31-2013 02:09 PM 
... | stats count, latest(_time)

?

Reply
Solved! Jump to solution

the_wolverine
Champion
‎01-31-2013 02:39 PM

Thank you, Ayn!!!!!

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎01-31-2013 02:25 PM

Well then, stats count, latest(_time) by color,shape

Reply
Solved! Jump to solution

the_wolverine
Champion
‎01-31-2013 02:19 PM

I think I oversimplified my example. I have a few fields in there so there are a couple of eventtypes, actually.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...