I want to group events per minute, then analyse the top 5 number count of "clientsource" field and timegraph this. Note: every minute, there can be 5 other top values.
I have succeeded to get the values in a table,now i only need to timegraph them;
sourcetype=syslog | bucket _time span=1m | top 5 clientsource by _time
2014-04-24 09:52:00 10.101.4.124:1183 89 9.017224
2014-04-24 09:52:00 10.102.212.6:2830 66 6.686930
2014-04-24 09:52:00 10.102.222.166:1365 59 5.977710
2014-04-24 09:52:00 10.103.64.53:1789 57 5.775076
2014-04-24 09:52:00 10.97.28.219:4350 50 5.065856`
2014-04-24 09:53:00 10.97.194.240:3807 50 10.706638
2014-04-24 09:53:00 10.102.214.191:1287 43 9.207709
2014-04-24 09:53:00 10.102.194.216:2556 40 8.565310
2014-04-24 09:53:00 10.99.34.23:4548 31 6.638116
2014-04-24 09:53:00 10.99.6.121:2389 28 5.995717
2014-04-24 09:54:00 10.101.110.94:3075 48 8.013356
2014-04-24 09:54:00 10.107.6.123:4027 46 7.679466
2014-04-24 09:54:00 10.102.214.60:2106 41 6.844741
2014-04-24 09:54:00 10.97.134.10:1748 38 6.343907
2014-04-24 09:54:00 10.97.12.115:1245 38 6.343907
... View more