Solved: how to show daily 2pm to 4 pm data for one week

mvaradarajam · ‎10-27-2014

Hi All,
how to show daily count of 2pm to 4 pm data for one week
like this i want monday to sunday

monday 2pm =10
monday 3pm
monday 4pm
tuesday 2pm
tuesday 4pm

tuesday 6pm like ths

can u plz help me any one

MuS · ‎10-27-2014

Hi mvaradarajam,

try something like this:

your base search here date_hour>13 AND date_hour<17 | timechart span=1d count by date_wday

hope this helps ...

cheers, MuS

View solution in original post

MuS · ‎10-27-2014

Hi mvaradarajam,

try something like this:

your base search here date_hour>13 AND date_hour<17 | timechart span=1d count by date_wday

hope this helps ...

cheers, MuS

mvaradarajam · ‎10-27-2014

Hi MuS,

above one also not working showing like below

_time↕

count↕

2014-10-26 16:30:00

3438

2014-10-26 17:30:00

0

2014-10-26 18:30:00

0

2014-10-26 19:30:00

0

2014-10-26 20:30:00

0

2014-10-26 21:30:00

0

2014-10-26 22:30:00

0

2014-10-26 23:30:00

0

2014-10-27 00:30:00

0

MuS · ‎10-27-2014

Why should this not work? You get a result back, so it is working. Maybe you expect something different....So try this, it will 'remove' all empty hours

... date_hour>13 AND date_hour<17 | timechart span=1h count AS myCount | where myCount!="0"

mvaradarajam · ‎10-27-2014

HI MuS,

I want day wise 2 to 4 pm data for example
_time count
mon 2pm 10
mon 3pm 15
mon 4pm 20
tue 2pm 5
tue 3pm 15

like this want plz help me how get.............

MuS · ‎10-27-2014

try this:

... date_hour>13 AND date_hour<17 | timechart span=1h count

how to show daily 2pm to 4 pm data for one week

tuesday 6pm like ths

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor