Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

can some one help me with SPL

vikram1583
Explorer
‎04-06-2020 11:06 AM

index= xxxxxx sourcetype=xxxxxx
| eval import_time=strftime(_time, "%Y-%m-%d:%H")
| eval import_timeday=strftime(_time, "%Y-%m-%d")
| eventstats latest(import_time) as Last by import_timeday
| where Last = import_time
| timechart count by Product

with this search the output seems to be hourly instead of daily
Can some one help in sending SPL to see results daily

Thanks in advance

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎04-06-2020 11:17 AM 
index= xxxxxx sourcetype=xxxxxx
| eval import_time=strftime(_time, "%Y-%m-%d:%H")
| eval import_timeday=strftime(_time, "%Y-%m-%d")
| eventstats latest(import_time) as Last by import_timeday
| where Last = import_time
| timechart span=1d count by Product
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...