Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to get stats count by day?

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:16 AM

 Need my SPL to count  records, for previous calendar day:

Labels (2)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-06-2022 05:24 AM 
| stats count

Set time period to be yesterday using timepicker

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 05:23 AM

Hi @Fats120,

to better help you, you should share some additional info!

Then, do you want the time distribution for your previous day (as you said in the description) or for a larger period grouped by day (as you said in the title)?

Anyway, in the first case you should try something like this:

index=your_index earliest=-1d latest=now
| timechart count span=1h

In thesecond case, you should try something like this:

index=your_index earliest=-7d@d latest=@d
| timechart count span=1d

Ciao.

Giuseppe

 

 

0 Karma
Reply

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:29 AM

Apologies for being so brief. I'm working on a glass table and I needed the events to be counted for the previous calendar day. So for each day, the visualization should show how many events were counted on the previous day. 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 05:38 AM

Hi @Fats120,

if you want the total eventcount for the previous day, to use e.g. in a Single Value Panel, you could use something like this:

| metasearch index=your_index earliest=-1d latest=now
| stats count

Ciao.

Giuseppe

Reply

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:39 AM

thanks!

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 05:52 AM

Hi @Fats120,

if this asnwer solves your need, please, accept it for the other people of Community, otherwise, tell me how can I help you more.

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:56 AM

I tried this code and an error came up 😞 

How do I just collect data from the previous day and not right now. I only want to collect data from only the previous day each day and visualize it on my glass table.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 06:03 AM

Hi @Fats120,

as @ITWhisperer hinted, please try this:

| metasearch index=your_index earliest=-1d@d latest=@d
| stats count

Ciao.

Giuseppe

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-06-2022 05:59 AM

What was the error?

For just the previous day, use

 ... earliest=-1d@d latest=@d
0 Karma
Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...