Splunk Search

How to search in real time and append those values in dashboard?

badrinath
Path Finder

Hi all, 

whenever I get a new log I wanted to count of the number of logs for the last 5 min and then append it to a graph. but I should be able to see graph of 1whole day

Labels (3)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Perhaps something like this?

| timechart span=5m distinct_count(source)

 

---
If this reply helps you, Karma would be appreciated.
0 Karma

badrinath
Path Finder

actually I need to do a real time search and append the results to a graph continuously.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

That's what should happen using the above.

---
If this reply helps you, Karma would be appreciated.
0 Karma

badrinath
Path Finder

that's correct  but its creating something like buckets of 10min each like 2:00 to 2:10 and then counting in that time range.

but what I need is as soon as I get data lets say at 2:14 it should count the data from 2:04 to 2:14 and then append the count to graph.

when I get new data at 2:16 again it should count from 2:06 to 2:16 and append the count to graph again.

0 Karma
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...