In timechart, how to Search for the values >n ?

Path Finder

Hi


In timechart, how to Search for the values >n ?


(ex) search : weblog

" * | strcat clientip "@" uri A_COMBO | timechart count by A_COMBO "

How to search for result values greater than OR less than? (values >20 OR values <20)

Thanks

0 Karma

Path Finder

Takajian

Thanks! That helped

0 Karma

Builder

I think the timechart command does not support what you want. Instead, do you think the stats command would work?

" * | strcat clientip "@" uri A_COMBO | stats count by A_COMBO _time | search count > 20"

Then, you will be able to use timechart if you want.
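
The stats-then-filter approach from the answer above, written out end to end as an added example (not from either poster): events are bucketed with bin before stats so that count is per interval rather than per raw timestamp, and the rows that pass the filter are handed back to timechart. The 1-hour span and limit=0 (chart every series instead of the default top 10) are assumptions; clientip, uri, A_COMBO and the threshold of 20 come from the thread.

```spl
*
| strcat clientip "@" uri A_COMBO
| bin _time span=1h
| stats count by _time A_COMBO
| where count > 20
| timechart span=1h limit=0 sum(count) by A_COMBO
```

For values below the threshold, change the where clause to count < 20. A clientip@uri combination with no events in an interval produces no stats row for that interval, so it is never counted as zero by the less-than filter.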
