Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Retrieve a list of all the Time and group all similar times as 1 row

cmak
Contributor
‎01-31-2013 04:03 PM

I would like to get a list of all the timestamps in my data.
They are stored in a field called time.

Normally I would use
| top time

However, I would like to group all times within approximately 10 seconds as 1 selection.
Maybe choose the average time as the value of this group.

Thanks

Tags (3)
0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎01-31-2013 06:00 PM

You should be able to use the "bucket" search command. e.g., if you time is in seconds:

... | bucket time span=10 | top time
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...