Hey Splunkers,
I want to create a graph or line chart that will show transaction total on a day vs day, week vs week, month vs month, quarter vs quarter.
The search I have started with is:
index=pfe_os_messages sourcetype="log4j" | head 10000 | rex "getSettle(?:Now|ment)Total.+?(?
Here is some example data: (scrubbed)
time - source - settlement - Raw
16:36.7 - log4j - $60 - invoice.AcquireInvoice (AcquireInvoice.foo) - getSettlementTotal(): 6000
16:36.7 log4j $60 invoice.AcquireInvoice (AcquireInvoice.foo) - getSettleNowTotal(): 6000
16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice.foo) - getSettlementTotal(): 6000
16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice. foo) - getSettleNowTotal(): 6000
16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice. foo) - getSettlementTotal(): 6000
16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice. foo) - getSettleNowTotal(): 6000
16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice. foo) - getSettlementTotal(): 6000
16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice. foo) - getSettleNowTotal(): 6000
16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice. foo) - getSettleNowTotal(): 6000
Hi apalen,
the easiest way to get this done is using the timewrap app: http://apps.splunk.com/app/1645/
cheers, MuS
A lot of people have suggested this in many of the other posts I have read. Sigh* change request here I come!!