Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Stats Count Field To Include 0 For each Bin period

sssplunker
Engager
‎07-06-2022 07:46 AM

I’m trying to get a count for activity on around 10 different APIs.

The search is:

index=api_logs | bin span=5min _time | stats count by _time, APIName

Is it possible to use stats count so the output includes an entry for each API in each 10 minute period and report a ‘0’ if there hasn’t been a call. I know you could chart it but I’d like the data in this particular format.

 

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-06-2022 08:55 AM

Try this

| timechart span=5m count by APIName
| untable _time APIName count

View solution in original post

0 Karma
Reply
Solved! Jump to solution

sssplunker
Engager
‎07-06-2022 08:05 AM

Thanks - I know it could be charted like that but that changes the structure of the data. I’d like to output the results in the three columns that stats count produces, so _time, APIname & count.

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-06-2022 08:55 AM

Try this

| timechart span=5m count by APIName
| untable _time APIName count
0 Karma
Reply
Solved! Jump to solution

sssplunker
Engager
‎07-07-2022 01:44 AM

Thanks!

Tags (1)
0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-06-2022 07:59 AM

The timechart command will fill in the missing time periods.

| timechart span=5m count by APIName
0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and stall ...

Print, Leak, Repeat: UEBA Insider Threats You Can't Ignore

Are you ready to uncover the threats hiding in plain sight? Join us for "Print, Leak, Repeat: UEBA Insider ...

Splunk MCP & Agentic AI: Machine Data Without Limits

  Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...