Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted

How to create a visualization showing event counts since beginning of the transaction, separated by time?

archier
New Member
‎11-23-2016 12:01 PM

I have transactions with varying number of events. I want a plot showing how many events occur in buckets since the beginning of the transaction, e.g. how many events in the first 5 seconds, next 5 seconds, etc.

How can I do this?

0 Karma
Reply
Highlighted

Re: How to create a visualization showing event counts since beginning of the transaction, separated by time?

sundareshr
Legend
‎11-23-2016 12:46 PM

Lets assume you transactions are grouped by a txn_id. See if this is what you're looking for...

index=foo sourcetype=bar | bin span=5s _time | stats count by txn_id _time
0 Karma
Reply
Highlighted

Re: How to create a visualization showing event counts since beginning of the transaction, separated by time?

archier
New Member
‎11-23-2016 01:39 PM

thanks sundareshr, it doesn't quite work, there are many transactions starting at different times

0 Karma
Reply