Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to format timechart table data?

ewanbrown
Path Finder
‎09-10-2014 07:44 AM

I have a query similar to

index=beacon BeaconType=pageview | timechart span="1d" count by Country

giving 

        US     CA      FR

01 Jan 123 456 678

02 Jan 456 234 765

But I'd like it formatted like

Date Country Number

01 Jan US 123

01 Jan CA 456

01 Jan FR 678

02 Jan US 456

02 Jan CA 234

etc

Is this possible? (excuse the bad formatting!)

Thanks

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

norbert_hamel
Communicator
‎09-10-2014 08:11 AM

you could try something like:

index=beacon BeaconType=pageview | bucket _time span=1d | stats count by _time Country | rename count AS Number

This will split the results into timely buckets of 1day and then count the number split by Country.

View solution in original post

Reply
Solved! Jump to solution
Solution

norbert_hamel
Communicator
‎09-10-2014 08:11 AM

you could try something like:

index=beacon BeaconType=pageview | bucket _time span=1d | stats count by _time Country | rename count AS Number

This will split the results into timely buckets of 1day and then count the number split by Country.

Reply
Solved! Jump to solution

ewanbrown
Path Finder
‎09-10-2014 08:19 AM

Perfect, thanks a lot!

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...