Splunk Search

How to find min and max per hour during day by host ?

exmuzzy
Explorer

If I use such SPL

index=_internal 
 | timechart span=1h count by host
 | stats max(*) AS *."max", min(*) as *."min" | transpose

this produce min and max mixed in one column but I would like separate max and min column

0 Karma

kunalmao
Communicator

Can you please give a view of how you want the result and min and max of what ?

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi exmuzzy,
let me understand: do you want max in a column and min in another one?
if this is your requirement delete the transpose command!

 index=_internal 
  | timechart span=1h count by host
  | stats max(*) AS *."max", min(*) as *."min" 

Bye.
Giuseppe

gcusello
SplunkTrust
SplunkTrust

Hi exmuzzy,
I have

giuseppe-pc.max giuseppe-pc.min
       102494           0

Bye.
Giuseppe

0 Karma

exmuzzy
Explorer

No, I would like to rich such result

                              max       min

giuseppe-pc 0 334
backeтd 12 502

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi exmuzzy,
did you tried?

index=_internal 
| bin_time span=1h
| chart max(count) AS Max  min(count) as Min BY host

Bye.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...