Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get stats count by day?

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:16 AM

 Need my SPL to count  records, for previous calendar day:

Labels (2)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-06-2022 05:24 AM 
| stats count

Set time period to be yesterday using timepicker

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 05:23 AM

Hi @Fats120,

to better help you, you should share some additional info!

Then, do you want the time distribution for your previous day (as you said in the description) or for a larger period grouped by day (as you said in the title)?

Anyway, in the first case you should try something like this:

index=your_index earliest=-1d latest=now
| timechart count span=1h

In thesecond case, you should try something like this:

index=your_index earliest=-7d@d latest=@d
| timechart count span=1d

Ciao.

Giuseppe

 

 

0 Karma
Reply

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:29 AM

Apologies for being so brief. I'm working on a glass table and I needed the events to be counted for the previous calendar day. So for each day, the visualization should show how many events were counted on the previous day. 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 05:38 AM

Hi @Fats120,

if you want the total eventcount for the previous day, to use e.g. in a Single Value Panel, you could use something like this:

| metasearch index=your_index earliest=-1d latest=now
| stats count

Ciao.

Giuseppe

Reply

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:39 AM

thanks!

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 05:52 AM

Hi @Fats120,

if this asnwer solves your need, please, accept it for the other people of Community, otherwise, tell me how can I help you more.

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:56 AM

I tried this code and an error came up 😞 

How do I just collect data from the previous day and not right now. I only want to collect data from only the previous day each day and visualize it on my glass table.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 06:03 AM

Hi @Fats120,

as @ITWhisperer hinted, please try this:

| metasearch index=your_index earliest=-1d@d latest=@d
| stats count

Ciao.

Giuseppe

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-06-2022 05:59 AM

What was the error?

For just the previous day, use

 ... earliest=-1d@d latest=@d
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Welcome back to Splunk Classroom Chronicles, our ongoing blog series that pulls back the curtain on Splunk ...

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Optimizing SOC workflows with a unified, risk-based approach to Threat Detection, Investigation, and Response ...

Almost Too Eventful Assurance: Part 1

Modern IT and Network teams still struggle with too many alerts and isolating issues before they are notified. ...
Top