Solved: Re: time span = week

gowtham08091 · ‎07-20-2020

Hello, I am trying to span for 1 week and 1 month chart from the summary index search, but When in use | bin span=1w, instead of showing the last or latest data of week it is summing the weeks total. I am looking for trend chart, where to display first or last data of a week or month.

i used same bin command earlier and but this time one difference is i a, using stats.

I use the query in the following format

gowtham08091 · ‎07-20-2020

@anilchaithu

I am looking for a trend report like weekly and monthly trend, like. Weekly trend should how the result from last data of a week and monthly trend to show the data from last day of a month. (not the cumulative sum of week and month)

View solution in original post

anilchaithu · ‎07-20-2020

@gowtham08091

Its the bin functionality to sum the field values for the given span.

what do you mean by "to display first or last data of a week or month"? Do you want to show only a single data point?

gowtham08091 · ‎07-20-2020

@anilchaithu

I am looking for a trend report like weekly and monthly trend, like. Weekly trend should how the result from last data of a week and monthly trend to show the data from last day of a month. (not the cumulative sum of week and month)

gowtham08091 · ‎07-24-2020

Thanks for the feedback, with your comment i found that i am missing the _time in my search and i get the expected results when I add _time in dedup

Thanks

time span = week

stats

timechart

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Are you a member of the Splunk Community?