×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
johnegracej
New Member
Member since: ‎04-11-2020
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-11-2020
Activity Feed
View All

I need to get hourly reports starting at five minu...

by in Splunk Search
‎04-11-2020 09:23 AM
‎04-11-2020 09:23 AM
So I need a start/chart/timechart etc... that shows a distinct count of separate login ids from 7:55 - 8:54:59 then 8:55 - 9:54.59 and the previous week for that same hour, and the week before that for the same hour. I seemed to be having good luck with timechart & chart as long as I start on the hour but when I try to adjust by five minutes everything goes crazy (probably my ignorance which I'm hoping I can overcome here). I would prefer to learn but I could also reverse engineer a good answer. The closest I've come to a correct answer is: index=logs* "EventStreamData.eventName"=RetrieveCustomerAccounts EventStreamData.args.request.apiKey=MAIN "EventStreamData.response.entries{}.product.productName"="Checking" | eval week1=relative_time(now(),"-1w@w") | eval Hour = strftime(_time,"%H:%M") | timechart span=60m dc(EventStreamData.args.request.userId) as 360_Volume But the output is on the hour not shifted by five minutes and something strange happens with the first block of data. 2020-04-10 05:00 709 2020-04-10 06:00 10502 2020-04-10 07:00 16122 2020-04-10 08:00 20273 Thanks in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM