
In timechart, how to Search for the values >n ?


(ex) search : weblog

" * | strcat clientip "@" uri A_COMBO | timechart count by A_COMBO "

How to search for result values greater than OR less than? (values >20 OR values <20)



Thanks! That helped.



I think the timechart command does not support what you want. Instead, do you think the stats command would work?

" * | strcat clientip "@" uri A_COMBO | stats count by A_COMBO _time | search count > 20"

Then, you will be able to use timechart if you want.
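
An added example, not written by either poster: one way to carry the stats approach above through to a chart, bucketing `_time` first so the count is per interval and only then applying the threshold. The `sourcetype=access_combined` base search, the 24-hour window, the one-hour span and the threshold of 20 are assumptions chosen for illustration.

```spl
sourcetype=access_combined earliest=-24h
| strcat clientip "@" uri A_COMBO
| bin _time span=1h
| stats count by _time A_COMBO
| where count > 20
| timechart span=1h limit=0 sum(count) AS count by A_COMBO
```

Changing the `where` clause to `count < 20` gives the less-than case from the question; `limit=0` stops timechart from folding the less frequent client/URI pairs into an OTHER column.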
