Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to search the count of IDs processed for multi...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi i have two fields: IDs and response time in seconds. so by using the response time, i need to break down events
0-1 sec how many IDs were processed (their count)
1-2 sec how many IDs were processed
.....
9-10 sec how many IDs were processed
can someone help me thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have a look at these two answers and that is what I think you are looking for:
https://answers.splunk.com/answers/28420/custom-chart-bucket-span-widths.html
https://answers.splunk.com/answers/233835/reliable-way-to-specify-span-to-bucket-numeric-val.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have a look at these two answers and that is what I think you are looking for:
https://answers.splunk.com/answers/28420/custom-chart-bucket-span-widths.html
https://answers.splunk.com/answers/233835/reliable-way-to-specify-span-to-bucket-numeric-val.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your answer i got it by using the ceil and floor commands...thank you so much for your answers..it looks like it will also work for my case
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Seems like you need the following, IDs processed every second (which in-turn will require you to run the search for shorter duration) :
your base search ID=* | timechart span=1s count(ID) as "IDs Processed"
If this is not what you need please provide field names and examples.
| makeresults | eval message= "Happy Splunking!!!"
[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events
Enter the Agentic Era with Splunk AI Assistant for SPL 1.4
Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...
