These are 2 different events in my logs.
taskCode=123
taskCode=456
I am trying to get an hourly count per event type, but whatever I try doesn't work. I am only able to get the total count and not the hourly metrics. Need help. Just getting started with Splunk.
index=* |regex search string | stats count by msg
Result
taskCode=375 614
taskCode=376 818
Please try using timechart. (Though I'm not entirely sure from your example if it is msg or taskCode you want to group by.)
index=* |regex search string | timechart span=1h count by msg
Please refer to other options at: https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Timechart
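An added example, not part of the original thread, for the case where the grouping key is the task code rather than msg: the first search returns one column per taskCode with a row per hour, the second returns the same counts as one row per hour and taskCode. It assumes the raw events contain the literal text taskCode=<digits>; the rex step is only needed if taskCode is not already an extracted field, and limit=0 keeps timechart from folding less frequent codes into an OTHER column.

```spl
index=* "taskCode="
| rex "taskCode=(?<taskCode>\d+)"
| timechart span=1h limit=0 count by taskCode

index=* "taskCode="
| rex "taskCode=(?<taskCode>\d+)"
| bin _time span=1h
| stats count by _time, taskCode
```

The timechart form also emits rows for hours with no events, while the bin and stats form lists only the hour and taskCode pairs that actually occurred.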