Solved: TimeChart Syntax

Substance82 · ‎06-21-2024

Stuck again and not sure what I'm missing... I have the first two steps, but cannot figure out the syntax to use Timechart to count all events as a specific label. Any help is greatly appreciated.

The Task: Use timechart to calculate the sum of price as "DailySales" and all count all events as "UnitsSold".

What I have so far:

index=web sourcetype=access_combined status=200 productId=*
|timechart sum(price) as DailySales

yuanliu · ‎06-21-2024

This is a little confusing. You are almost there:

index=web sourcetype=access_combined status=200 productId=*
|timechart sum(price) as DailySales count as UnitsSold

Is there something else we need to know?

View solution in original post

yuanliu · ‎06-21-2024

This is a little confusing. You are almost there:

index=web sourcetype=access_combined status=200 productId=*
|timechart sum(price) as DailySales count as UnitsSold

Is there something else we need to know?

Substance82 · ‎06-21-2024

Lol almost there, but a million miles away. I attempted something similar, but didn't fair well. Thanks a million. Still working through a few new modules, but learning more each day.

TimeChart Syntax

timechart

Index This | Divide 100 by half. What do you get?

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

Splunk and Fraud