Splunk Search

timespan not providing desired result

Path Finder

alt textalt textHello,

I am trying to have timespan to show results for every 2 mins but it seems to reflect the default of 5 mins

earliest=-180m
index=apps
sourcetype=pos-generic:prod
"com.grubhub.pos.generic.orders.service.OrdersService: Received request to change status"
partner_account_name="Level Up"
| dedup orderId
| search status=REJECTED
| timechart count by status minspan=2m

Tags (1)
0 Karma
1 Solution

Builder

Try this instead for your last line:

| timechart span=2m count by status
###

If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

Builder

Try this instead for your last line:

| timechart span=2m count by status
###

If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

Path Finder

ahh i was using at the wrong place, thank you it works.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!