All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Graph the Highest hits in a 5 minute interval per day split by a field

yechoorv
Explorer
‎05-23-2014 01:30 PM

I want to create a graph that graphs the hits of the 5 minute interval with the maximum hits on that day. I also want to split this up by a field called MethodName:

Something like

source:__ | timechart count as hits span=5m | timechart max(hits)

That is the graph I need, but I need to split this by the field: "MethodName"

Any suggestions?

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎05-24-2014 04:54 PM

Here's an approach that looks like it should work, using Splunk's internal data as an example:

index=_internal 
| bucket span=1m _time 
| stats count by _time,source 
| timechart span=1d max(count) by source

View solution in original post

Reply
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎05-24-2014 04:54 PM

Here's an approach that looks like it should work, using Splunk's internal data as an example:

index=_internal 
| bucket span=1m _time 
| stats count by _time,source 
| timechart span=1d max(count) by source
Reply
Solved! Jump to solution

yechoorv
Explorer
‎05-27-2014 05:52 AM

Worked perfectly thanks!

Reply
Get Updates on the Splunk Community!

Enhance Your Splunk App Development: New Tools & Support

UCC FrameworkAdd-on Builder has been around for quite some time. It helps build Splunk apps faster, but it ...

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...