How to find min and max per hour during day by hos...

exmuzzy · ‎10-15-2017

If I use such SPL

index=_internal 
 | timechart span=1h count by host
 | stats max(*) AS *."max", min(*) as *."min" | transpose

this produce min and max mixed in one column but I would like separate max and min column

kunalmao · ‎10-15-2017

Can you please give a view of how you want the result and min and max of what ?

gcusello · ‎10-15-2017

Hi exmuzzy,
let me understand: do you want max in a column and min in another one?
if this is your requirement delete the transpose command!

 index=_internal 
  | timechart span=1h count by host
  | stats max(*) AS *."max", min(*) as *."min"

Bye.
Giuseppe

gcusello · ‎10-15-2017

Hi exmuzzy,
I have

giuseppe-pc.max giuseppe-pc.min
       102494           0

Bye.
Giuseppe

exmuzzy · ‎10-15-2017

No, I would like to rich such result

                              max       min

giuseppe-pc 0 334
backeтd 12 502

gcusello · ‎10-16-2017

Hi exmuzzy,
did you tried?

index=_internal 
| bin_time span=1h
| chart max(count) AS Max  min(count) as Min BY host

Bye.
Giuseppe

How to find min and max per hour during day by host ?