I am looking to set up a report counting daily occurrences over a period of 6 months, and I want to be able to run this report on request. I've been looking around for a search to get this, but have run into a wall. Any help would be appreciated.
Does the event that you're counting have a retention period of more than 6 months? If yes, then you can run a simple search like
base search | timechart span=1d count
over a 6-month time range to get your report. If the retention period is less than 6 months, then you can get that report, at least not right away and directly. You would have to set up summary indexing, where you run a search daily to get the count of events for yesterday and store it in a summary index with a retention period of 6 months or more. After a while this summary index will have data for your report.
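The summary-indexing setup described in the answer above, sketched as Splunk configuration. This is an added example, not part of the original thread. The index name `summary_daily_counts`, the two saved-search names, the 00:05 schedule and the 200-day retention value are assumptions chosen for illustration, and `base search` is the answer's own placeholder for the real search.

```ini
# --- indexes.conf ---
# Summary index that keeps the daily counts longer than the raw events.
# Index name and retention value are assumptions for this example.
[summary_daily_counts]
homePath   = $SPLUNK_DB/summary_daily_counts/db
coldPath   = $SPLUNK_DB/summary_daily_counts/colddb
thawedPath = $SPLUNK_DB/summary_daily_counts/thaweddb
# 200 days * 86400 s = 17280000 s, i.e. "6 months or more"
frozenTimePeriodInSecs = 17280000

# --- savedsearches.conf ---
# 1) Scheduled populating search: runs once a day shortly after midnight,
#    counts yesterday's events (-1d@d to @d) and writes the single result
#    row into the summary index.
[Daily event count - summary]
search = base search | timechart span=1d count
enableSched = 1
cron_schedule = 5 0 * * *
dispatch.earliest_time = -1d@d
dispatch.latest_time = @d
action.summary_index = 1
action.summary_index._name = summary_daily_counts

# 2) On-request report: not scheduled. Reads the stored daily counts back
#    from the summary index over the last 6 months. sum(count) is used
#    because each summary event already carries one day's count.
[Daily event count - 6 month report]
search = index=summary_daily_counts search_name="Daily event count - summary" | timechart span=1d sum(count) AS count
dispatch.earliest_time = -6mon@d
dispatch.latest_time = @d
```

The report only covers days since the populating search was enabled, so earlier days still within the raw events' retention have to be backfilled separately.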
Thank you, that works perfectly.