Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

day by day comparison

fwd4
Explorer
‎07-11-2011 04:10 AM

I'm trying to build a graph in Splunk to provide a day-by-day comparison of particular response codes.

For example I currently monitor the last 24 hours of logs looking for a string D101 (resp_code="D101") and graph it in a timechart. What I would like to do is run a second query for the same D101 message but from the previous 24hours - then end result being a graph with 2 lines showing me today against yesterday.

resp_code="D101" latest=now earliest=-24h | timechart count by resp_code | appendcols [resp_code="D101" latest=-24h earliest=-48h | timechart count by resp_code]

I think I need to be looking in or around the appendcols function but I'm receiving the below error, it's obviously not parsing what I've written in the way I'd hope:

"Search operation 'resp' is unknown. You might not have permission to run this operation."

Am I barking up the wrong tree with appendcols, should I be doing this a different way?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

JYTTEJ
Communicator
‎07-11-2011 04:48 AM

You need to add the search command: [search resp_code....

View solution in original post

Reply
Solved! Jump to solution
Solution

JYTTEJ
Communicator
‎07-11-2011 04:48 AM

You need to add the search command: [search resp_code....

Reply
Solved! Jump to solution

fwd4
Explorer
‎07-11-2011 05:47 AM

great much appreciated!

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...