Re: Time Chart - specifying/graphing time interval...

danielkhouri · ‎02-07-2019

Hi,

I've created three time charts that are currently counting the number of connections. Each time chart is set with different time ranges (1 hour, 4 hour and 24 hour). Here is what the search string looks like:

my-query| timechart count by built_connections

It's seems pretty straight forward but not actually what I'm after. What I actually need is to count the number of connections in 5 minute intervals and plot it on the graph without adding the total count of the first 5 minute interval to the next (and so on). So the first 0-5 minutes would count the number of connections and plot it on the chart. Then the next 5-10 minute interval would count the number of connection within that 5-10 minute interval and plot it on the graph and so on (I'd like to apply it to all three graphs for 1, 4 and 24 hours). What I don't want is to have the the 0-5 minute count added to the value for the next 5-10 minute interval and so on. Each 5 minute interval will have it's own unique count.

Hope this makes sense.

Thanks
Dan.

vishaltaneja070 · ‎02-07-2019

@danielkhouri

my-query| timechart span=5min count by built_connections

I think this is what is required correct.

Time Chart - specifying/graphing time interval counts that dont accumulate

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7