Pages with timeline chart

puneetkharband1 · ‎10-13-2015

index = "abcd" sourcetype = * Customers= ABC |chart count by Pages

I get the pages as a list
I want one of the page occurances with timeline

lets say page name is login.do so I want to know login.do happened at this particular time

somesoni2 · ‎10-13-2015

There could be multiple events with one Pages, so which time you want, first time the page was access, last time page was accessed OR all accesses?

For All,

index = "abcd" sourcetype = * Customers= ABC Pages="login.do"  | table Pages _time

For first and last time it was accessed

index = "abcd" sourcetype = * Customers= ABC Pages="login.do"  | stats min(_time) as FirstTime max(_time) as LastTime by Pages | convert ctime(*Time)

rphillips_splk · ‎10-13-2015

index = "abcd" sourcetype = * Customers= ABC |timechart count by Pages

rphillips_splk · ‎10-13-2015

you're probably looking at the statistics tab.. click on the Visualization tab

Are you a member of the Splunk Community?