Solved: Results on daily basis with rangemap

vijkuma · ‎12-08-2020

My Query : --- | stats count by "response time" | rename "response time" as "time_taken" | rangemap field=time_taken upto_5_sec=0-5000 default=more_then_5_sec | stats sum(count) by range

How can i get this result distributed on daily basis.

Current result :

upto_5_sec	100
more_then_5_sec	1

Expected result :

2020-12-05	upto_5_sec	80
	more_then_5_sec	0

2020-12-06	upto_5_sec	20
	more_then_5_sec	1

scelikok · ‎12-08-2020

@vijkuma , please try below;

| stats count by "response time" _time
| rename "response time" as "time_taken" 
| rangemap field=time_taken upto_5_sec=0-5000 default=more_then_5_sec 
| bin span=1d _time 
| stats sum(count) as count by _time range 
| stats list(range) as range list(count) as count by _time

If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

vijkuma · ‎12-08-2020

This worked. @scelikok Thanks for the help. Much appreciated !!!

scelikok · ‎12-08-2020

@vijkuma , please try below;

| stats count by "response time" _time
| rename "response time" as "time_taken" 
| rangemap field=time_taken upto_5_sec=0-5000 default=more_then_5_sec 
| bin span=1d _time 
| stats sum(count) as count by _time range 
| stats list(range) as range list(count) as count by _time

If this reply helps you an upvote and "Accept as Solution" is appreciated.

Results on daily basis with rangemap

count

stats

timechart

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio