Splunk Search

Results on daily basis with rangemap

vijkuma
Engager

My Query : --- | stats count by "response time" | rename "response time" as "time_taken" | rangemap field=time_taken upto_5_sec=0-5000 default=more_then_5_sec | stats sum(count) by range

How can i get this result distributed on daily basis.

Current result : 

upto_5_sec100
more_then_5_sec1

 

Expected result :

2020-12-05upto_5_sec80
 more_then_5_sec0
   
2020-12-06upto_5_sec20
 more_then_5_sec1

 

Labels (3)
0 Karma
1 Solution

scelikok
SplunkTrust
SplunkTrust

@vijkuma , please try below;

| stats count by "response time" _time
| rename "response time" as "time_taken" 
| rangemap field=time_taken upto_5_sec=0-5000 default=more_then_5_sec 
| bin span=1d _time 
| stats sum(count) as count by _time range 
| stats list(range) as range list(count) as count by _time
If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

vijkuma
Engager

This worked. @scelikok  Thanks for the help. Much appreciated !!! 

0 Karma

scelikok
SplunkTrust
SplunkTrust

@vijkuma , please try below;

| stats count by "response time" _time
| rename "response time" as "time_taken" 
| rangemap field=time_taken upto_5_sec=0-5000 default=more_then_5_sec 
| bin span=1d _time 
| stats sum(count) as count by _time range 
| stats list(range) as range list(count) as count by _time
If this reply helps you an upvote and "Accept as Solution" is appreciated.
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...