Re: Timechart by field in tabular format

pankajad · ‎06-26-2021

There are 100s of APIs in my application. I'm logging exception for an API. I can get stats to get total no of exception in a time window by using

Exception |stats count by uri

This will give me result in tabular format exception count for each uri.

However, I would like to get this data in timechart for each uri. This can easily be done if I hardcode the uri and get exception count on time series but I don't want to do this for 100s of APIs.

| timechart count by api puts many under OTHER and NULL category. However, I would want api as row and time as column..preferably in visual format - timechart against each api

kamlesh_vaghela · ‎06-27-2021

@pankajad

Can you please try something like this?

uri=* Exception | timechart usenull=f useother=f count by uri

KV

ITWhisperer · ‎06-26-2021

Exception | timechart count by uri

pankajad · ‎06-26-2021

I had tried timechart but it doesn't solver my issue. I have updated my question with more details

Timechart by field in tabular format

chart

stats

table

timechart

Splunk Observability for AI

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

Join the Conversation