Re: Timechart by field in tabular format

pankajad · ‎06-26-2021

There are 100s of APIs in my application. I'm logging exception for an API. I can get stats to get total no of exception in a time window by using

Exception |stats count by uri

This will give me result in tabular format exception count for each uri.

However, I would like to get this data in timechart for each uri. This can easily be done if I hardcode the uri and get exception count on time series but I don't want to do this for 100s of APIs.

| timechart count by api puts many under OTHER and NULL category. However, I would want api as row and time as column..preferably in visual format - timechart against each api

kamlesh_vaghela · ‎06-27-2021

@pankajad

Can you please try something like this?

uri=* Exception | timechart usenull=f useother=f count by uri

KV

ITWhisperer · ‎06-26-2021

Exception | timechart count by uri

pankajad · ‎06-26-2021

I had tried timechart but it doesn't solver my issue. I have updated my question with more details

Timechart by field in tabular format

chart

stats

table

timechart

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation