Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How would I get these results by day

rmcdougal
Path Finder
‎08-06-2012 12:18 PM

I am attempting to write a license usage search and I would like to be able to see the usage for the last 7 days. Here is what I am using so far and it shows the usage just fine all added together. I would like it to be broken down by day, any ideas?

index=_internal source=license_usage pool="auto_generated_pool_enterprise" | eval GB=b/1024/1024/1024 | stats sum(GB) by pool

Tags (1)
0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎08-06-2012 12:38 PM

If you want to
a) end up with the data in graph form with both pool and day-of-week values, then you want to look at the chart command.

index=_internal source=license_usage pool="auto_generated_pool_enterprise" | eval GB=b/1024/1024/1024 | chart sum(GB) over date_wday by pool

b) if you dont want to graph it and you want to end up with more of a flat table where each row is a unique combination of a pool value and a day-of-week value, then you would use stats this way:

index=_internal source=license_usage pool="auto_generated_pool_enterprise" | eval GB=b/1024/1024/1024 | stats sum(GB) by date_wday pool

hth

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...