Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to get stats count by day?

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:16 AM

 Need my SPL to count  records, for previous calendar day:

Labels (2)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-06-2022 05:24 AM 
| stats count

Set time period to be yesterday using timepicker

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 05:23 AM

Hi @Fats120,

to better help you, you should share some additional info!

Then, do you want the time distribution for your previous day (as you said in the description) or for a larger period grouped by day (as you said in the title)?

Anyway, in the first case you should try something like this:

index=your_index earliest=-1d latest=now
| timechart count span=1h

In thesecond case, you should try something like this:

index=your_index earliest=-7d@d latest=@d
| timechart count span=1d

Ciao.

Giuseppe

 

 

0 Karma
Reply

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:29 AM

Apologies for being so brief. I'm working on a glass table and I needed the events to be counted for the previous calendar day. So for each day, the visualization should show how many events were counted on the previous day. 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 05:38 AM

Hi @Fats120,

if you want the total eventcount for the previous day, to use e.g. in a Single Value Panel, you could use something like this:

| metasearch index=your_index earliest=-1d latest=now
| stats count

Ciao.

Giuseppe

Reply

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:39 AM

thanks!

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 05:52 AM

Hi @Fats120,

if this asnwer solves your need, please, accept it for the other people of Community, otherwise, tell me how can I help you more.

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:56 AM

I tried this code and an error came up 😞 

How do I just collect data from the previous day and not right now. I only want to collect data from only the previous day each day and visualize it on my glass table.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 06:03 AM

Hi @Fats120,

as @ITWhisperer hinted, please try this:

| metasearch index=your_index earliest=-1d@d latest=@d
| stats count

Ciao.

Giuseppe

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-06-2022 05:59 AM

What was the error?

For just the previous day, use

 ... earliest=-1d@d latest=@d
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...