Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to get stats count by day?

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:16 AM

 Need my SPL to count  records, for previous calendar day:

Labels (2)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-06-2022 05:24 AM 
| stats count

Set time period to be yesterday using timepicker

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 05:23 AM

Hi @Fats120,

to better help you, you should share some additional info!

Then, do you want the time distribution for your previous day (as you said in the description) or for a larger period grouped by day (as you said in the title)?

Anyway, in the first case you should try something like this:

index=your_index earliest=-1d latest=now
| timechart count span=1h

In thesecond case, you should try something like this:

index=your_index earliest=-7d@d latest=@d
| timechart count span=1d

Ciao.

Giuseppe

 

 

0 Karma
Reply

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:29 AM

Apologies for being so brief. I'm working on a glass table and I needed the events to be counted for the previous calendar day. So for each day, the visualization should show how many events were counted on the previous day. 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 05:38 AM

Hi @Fats120,

if you want the total eventcount for the previous day, to use e.g. in a Single Value Panel, you could use something like this:

| metasearch index=your_index earliest=-1d latest=now
| stats count

Ciao.

Giuseppe

Reply

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:39 AM

thanks!

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 05:52 AM

Hi @Fats120,

if this asnwer solves your need, please, accept it for the other people of Community, otherwise, tell me how can I help you more.

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply

Fats120
Loves-to-Learn Lots
‎04-06-2022 05:56 AM

I tried this code and an error came up 😞 

How do I just collect data from the previous day and not right now. I only want to collect data from only the previous day each day and visualize it on my glass table.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-06-2022 06:03 AM

Hi @Fats120,

as @ITWhisperer hinted, please try this:

| metasearch index=your_index earliest=-1d@d latest=@d
| stats count

Ciao.

Giuseppe

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-06-2022 05:59 AM

What was the error?

For just the previous day, use

 ... earliest=-1d@d latest=@d
0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...