Splunk Search

splunk group by event , date_hour

officialsubho
New Member

These are 2 different events in my logs.

taskCode=123
taskCode=456

I am trying to get an hourly count per event type, but whatever I try doesn't work. I am only able to get the total count and not the hourly metrics. Need help. Just getting started with Splunk.

index=* |regex search string | stats count by msg

Result

taskCode=375 614
taskCode=376 818

0 Karma
1 Solution

koshyk
Super Champion

Please try using timechart. (Though I'm not entirely sure from your example if it is msg or taskCode you want to group upon.)

index=* |regex search string | timechart span=1h count by msg

Please refer to other options at: https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Timechart


0 Karma
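What the answer's `timechart span=1h count by msg` computes, next to the question's `stats count by msg` and to grouping on the `date_hour` field named in the thread title, modelled in Python as an added example (not code from either poster or from Splunk). The log lines, the regex and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample events (not from the thread): timestamp plus a taskCode field.
SAMPLE_EVENTS = """\
2024-03-01T09:05:11 level=INFO taskCode=123 status=started
2024-03-01T09:40:02 level=INFO taskCode=456 status=started
2024-03-01T09:59:59 level=INFO taskCode=123 status=done
2024-03-01T10:00:00 level=INFO taskCode=123 status=started
2024-03-02T09:15:30 level=INFO taskCode=456 status=started
2024-03-02T09:16:00 level=WARN no task code on this line
"""

EVENT_RE = re.compile(r"^(?P<ts>\S+)\s.*?\btaskCode=(?P<code>\d+)\b")


def parse(lines):
    """Yield (datetime, 'taskCode=N') for lines that carry a taskCode; skip the rest."""
    for line in lines.splitlines():
        m = EVENT_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), f"taskCode={m['code']}"


def total_count(events):
    """Like `stats count by <field>`: one total per value, no time dimension."""
    return Counter(key for _, key in events)


def hourly_count(events):
    """Like `timechart span=1h count by <field>`: floor each time to its hour."""
    return Counter(
        (ts.replace(minute=0, second=0, microsecond=0), key) for ts, key in events
    )


def hour_of_day_count(events):
    """Like `stats count by date_hour, <field>`: hour of day, all dates merged."""
    return Counter((ts.hour, key) for ts, key in events)


if __name__ == "__main__":
    events = list(parse(SAMPLE_EVENTS))
    for (bucket, key), n in sorted(hourly_count(events).items()):
        print(bucket.isoformat(), key, n)
```

Grouping on `date_hour` merges the 09:00 hour of both days into one row, while the one-hour time bucket keeps them apart.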
