Splunk Search

timespan not providing desired result

praddasg
Path Finder

alt textalt textHello,

I am trying to have timespan to show results for every 2 mins but it seems to reflect the default of 5 mins

earliest=-180m
index=apps
sourcetype=pos-generic:prod
"com.grubhub.pos.generic.orders.service.OrdersService: Received request to change status"
partner_account_name="Level Up"
| dedup orderId
| search status=REJECTED
| timechart count by status minspan=2m

Tags (1)
0 Karma
1 Solution

efavreau
Motivator

Try this instead for your last line:

| timechart span=2m count by status
###

If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

efavreau
Motivator

Try this instead for your last line:

| timechart span=2m count by status
###

If this reply helps you, an upvote would be appreciated.
0 Karma

praddasg
Path Finder

ahh i was using at the wrong place, thank you it works.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...