Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to add up the hourly number of transactions per day, and create a chart to show the total per day over X days?

andynieto
Engager
‎09-22-2016 02:10 PM

Hello community,

So I'm looking for some help here on how to build a search that will add up the total number of transactions per day and chart the results on a linear or bar table.

Here is a sample of the data I have per hour:

DateTime          Archive_count   Pending_all_srvs   sql_count      Indexed_count
9/20/2016 6:00  83,223        22,843             2,968,438,179  75,000
9/20/2016 5:00  86,995        20,484             2,968,354,956  103,125
9/20/2016 4:00  90,911        17,774             2,968,267,961  103,420
9/20/2016 3:00  91,798        20,800             2,968,177,050  81,250
9/20/2016 2:00  94,289        18,190             2,968,085,252  137,500
9/20/2016 1:00  111,240      25,838          2,967,990,963  150,020
9/20/2016 0:00  131,996      32,389          2,967,879,723  174,980
9/19/2016 23:00   154,493        40,413          2,967,747,727  175,000
9/19/2016 22:00   193,840        40,529          2,967,593,234  300,194
9/19/2016 21:00   198,897        95,864          2,967,399,394  175,329
9/19/2016 20:00   227,964        140,023            2,967,200,497   275,666
9/19/2016 19:00   258,549        159,660            2,966,972,533   275,626
9/19/2016 18:00   258,350        154,958            2,966,713,984   275,326
9/19/2016 17:00   280,576        122,066            2,966,455,634   250,492
9/19/2016 16:00   288,137        107,260            2,966,175,058   224,489
9/19/2016 15:00   260,641        96,703          2,965,886,921  225,277
9/19/2016 14:00   214,148        66,325          2,965,626,280  225,000
9/19/2016 13:00   234,994        59,123          2,965,412,132  200,277
9/19/2016 12:00   232,784        66,435          2,965,177,138  250,000
9/19/2016 11:00   235,473        57,980          2,964,944,354  125,224
9/19/2016 10:00   178,755        61,779          2,964,708,881  125,000
9/19/2016 9:00  116,158      32,690          2,964,530,126  75,000

Thank you,

Reply

sundareshr
Legend
‎09-22-2016 03:31 PM

Try this

base search | eval day=strftime(strptime(DateTime, "%-m/%-d/%Y %-H:%M"). "%m/%d") | stats sum(*) AS * by day
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...