Hi all,
I have logs that count number of invocation themselves. But the service that generates these values starts every mondy and reboot every sunday evening, that means if I want to know the total number of invocation. I have to sum up the max values of each week.
I know that in Splunk, define a week is not a difficult thing, 1w or 7d are fine, but what I want is "span" natural week...
My logs are like (timestamps are ignored):
Process, Method, number
name1, getXXX, 0
name1, getXXX, 3
name1, setXXX, 1
name2, setXXX, 0
name2, setXXX, 2
And the next week,
name1,getXXX,0
name1,getXXX,1
name1,setXXX,2
name2,setXXX,2
name2,setXXX,6
What I want is the result like :
Process Method Total
name1,getXXX,4
name1,setXXX,3
name2,setXXX,8
So that should be something like | timechart span=1w max(number) as MAX by Process Method | stats sum(MAX) by Process Method
And most important is, in natural week, that means exactly from the cumulation of max values from each monday to sunday
Thanks for anyone who can help !
... View more