Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help me with search query for my usecase

sravankaripe
Communicator
‎03-30-2017 07:46 AM

i want to list out the success count by time
Example:

index="ABC" sourcetype="XYZ" responsecode="200"|

Time count

last 1hour(1:00am) 20
other 1hour(2:00am) 10

please help me with sample query

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kiran331
Builder
‎03-30-2017 07:56 AM

index="ABC" sourcetype="XYZ" responsecode="200"|timechart span=1h count

refer this one
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/timechart

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎03-30-2017 08:16 AM

Hi sravankaripe,
you can use timechart command to count the number of events in every hour:

index="ABC" sourcetype="XYZ" responsecode="200"
| timechart count span=1h

In addition, you can also compare count of each hour with the corresponding hour of e.g. last week using timewrap command (see http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Timewrap):

index="ABC" sourcetype="XYZ" responsecode="200"
| timechart count span=1h
| timewrap 1week

Bye.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎03-30-2017 08:00 AM

Like this:

index="ABC" sourcetype="XYZ" | bin _time span=1h | stats count(eval(responsecode="200")) AS success count BY _time
0 Karma
Reply
Solved! Jump to solution
Solution

kiran331
Builder
‎03-30-2017 07:56 AM

index="ABC" sourcetype="XYZ" responsecode="200"|timechart span=1h count

refer this one
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/timechart

0 Karma
Reply
Solved! Jump to solution

3no
Communicator
‎03-30-2017 07:55 AM

Hi

index="ABC" sourcetype="XYZ" responsecode="200"| timechart span=1h count

3no.

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎03-30-2017 07:53 AM

is that what you are looking for?
.... | timechart span=1h count

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...