Following is the result we got:

Action_Name  Time     Count
ABC          1:15 AM  100
ABC          1:30 AM  200
ABC          1:45 AM  300
ABC          2:00     50

Now I want to compare row 2 (1:30 AM), Count 200, with row 4 (2:00 AM), Count 50.
I am new to Splunk and I don't know how to do it.
Following is the Splunk query:
index=... sourcetype= .... | bucket _time span=15m | stats count by Action_Name,_time
Greetings @salavilli0611,
Please take a look at this run-anywhere search. If needed, you can add a by to the timechart, but your sample data does not indicate you do. When you plug this into your search, replace count with sum(count) (and remove the bin command since timechart does that for you).
index=_internal sourcetype=splunkd log_level=ERROR
| timechart span=15m count
| timewrap 15min
What will the desired result / view / table look like?
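
Added example, not part of the original thread and not the answerer's search: a run-anywhere SPL search that rebuilds the four sample rows from the question with makeresults (constructed data), then uses autoregress to place the count from two 15-minute buckets earlier beside each row, so the 2:00 AM count sits next to the 1:30 AM count. It assumes a single Action_Name and relies on timechart emitting every 15-minute bucket, since a missing bucket would shift the two-row offset; the field names n, count_30m_earlier, change and pct_change are illustrative.

```spl
| makeresults count=4
| streamstats count AS n
| eval _time = relative_time(now(), "@d") + 3600 + (n * 900)
| eval Action_Name = "ABC"
| eval count = case(n==1, 100, n==2, 200, n==3, 300, n==4, 50)
| timechart span=15m sum(count) AS count
| autoregress count AS count_30m_earlier p=2
| where isnotnull(count_30m_earlier)
| eval change = count - count_30m_earlier
| eval pct_change = round(100 * change / count_30m_earlier, 1)
```

To run it against real events, replace the first five lines with the base search and use timechart span=15m count in place of sum(count).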