Solved: How to generate a timechart for every minute, goin...

akhasriya · ‎01-31-2017

My events has following time stamp and a count:

TIME+2017-01-31 12:00:33 2  
TIME+2017-01-31 12:01:39 1  
TIME+2017-01-31 12:02:24 2
TIME+2017-01-31 12:03:46 3   
TIME+2017-01-31 12:04:48 1 
TIME+2017-01-31 12:05:49 2
TIME+2017-01-31 12:06:50 1
TIME+2017-01-31 12:07:50 2
TIME+2017-01-31 12:08:50 3 
TIME+2017-01-31 12:09:50 1
TIME+2017-01-31 12:10:50 1
TIME+2017-01-31 12:11:50 3
TIME+2017-01-31 12:12:50 1

I want to generate stats/graph every minute so it gives me the total number of events in the last 10 minutes, for example
search run 12:13 gives:

somesoni2 · ‎01-31-2017

Try something like this

Your base search | timechart span=1m sum(count) as count | streamstats window=10 current=t sum(count) as count

View solution in original post

somesoni2 · ‎01-31-2017

Try something like this

Your base search | timechart span=1m sum(count) as count | streamstats window=10 current=t sum(count) as count

akhasriya · ‎02-01-2017

Thank you, works as I expected.

How to generate a timechart for every minute, going back 10 minutes?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms