Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

TimeChart Syntax

Substance82
Path Finder
‎06-21-2024 10:52 AM

Stuck again and not sure what I'm missing... I have the first two steps, but cannot figure out the syntax to use Timechart to count all events as a specific label. Any help is greatly appreciated. 

The Task:  Use timechart to calculate the sum of price as "DailySales" and all count all events as "UnitsSold".

What I have so far: 

index=web sourcetype=access_combined status=200 productId=*
|timechart sum(price) as DailySales
Labels (1)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yuanliu
SplunkTrust
SplunkTrust
‎06-21-2024 11:13 AM

This is a little confusing.  You are almost there:

index=web sourcetype=access_combined status=200 productId=*
|timechart sum(price) as DailySales count as UnitsSold

Is there something else we need to know?

View solution in original post

Reply
Solved! Jump to solution
Solution

yuanliu
SplunkTrust
SplunkTrust
‎06-21-2024 11:13 AM

This is a little confusing.  You are almost there:

index=web sourcetype=access_combined status=200 productId=*
|timechart sum(price) as DailySales count as UnitsSold

Is there something else we need to know?

Reply
Solved! Jump to solution

Substance82
Path Finder
‎06-21-2024 11:16 AM

Lol almost there, but a million miles away. I attempted something similar, but didn't fair well. Thanks a million.  Still working through a few new modules, but learning more each day. 

0 Karma
Reply
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...