Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to create a stat table that has columns that r...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to create a stat table that has columns that represent the same time range per week.
DandeGuzman
New Member
05-06-2015
12:00 AM
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
stephanefotso
Motivator
05-06-2015
03:27 AM
Hello! Try this:
sourcetype=iis tag=webserver cs_uri_stem="/SearchQuery*" earliest=-3w@w latest=now |bucket span=7d _time|stats avg(TimeTakenMS) by cs_uri_stem, _time
SGF
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DandeGuzman
New Member
05-06-2015
04:45 PM
Hi Stephane I am actually aiming for a result that will look something like this:
cs_uri_stem Week1 Week2 Week3
/SearchQuery1 123 122 110
/SearchQUery2 43 54 49
I am trying to tweak what you have given though it should be near enough.
Thank you so much.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
stephanefotso
Motivator
05-07-2015
12:30 AM
Here is what i can do for you. Instead of Week1, Week2, ... in your table, you can say, week of 10/April, week of 18/April......
Something like this:
sourcetype=iis tag=webserver cs_uri_stem="/SearchQuery*" earliest=-3w@w latest=now |bucket span=7d _time| eval day_week=strftime(_time, "%d/%b")|replace * with "week of *" in day_week|stats avg(TimeTakenMS) by cs_uri_stem, day_week
SGF
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vganjare
Builder
05-06-2015
12:13 AM
Can you please share the expected output?
Thanks!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DandeGuzman
New Member
05-06-2015
04:52 PM
Hi I am trying to get this output:
cs_uri_stem Week1 Week2 Week3
/SearchQuery1 123 122 110
/SearchQUery2 43 54 49
where week columns are derived from the same daytime value per week.
TIA
Get Updates on the Splunk Community!
Adoption of RUM and APM at Splunk
Unleash the power of Splunk Observability
Watch Now
In this can't miss Tech Talk! The Splunk Growth ...
Routing logs with Splunk OTel Collector for Kubernetes
The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...
Welcome to the Splunk Community!
(view in My Videos)
We're so glad you're here!
The Splunk Community is place to connect, learn, give back, and ...
