Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Count Sourcetype by Day

ccsfdave
Builder
‎05-08-2013 11:30 AM

Greetings,

I am trying to figure out whether data under a given source type is growing. I would like to get these results grouped into days for each source type:

*| stats count by sourcetype

So a chart would have the 8 source types I have grow or shrink by day.

Thanks for your help!

Dave

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎05-08-2013 11:40 AM

for the count of events :
* | timechart span=1d limit=10 count by sourcetype

or for the volume, see http://wiki.splunk.com/Community:TroubleshootingIndexedDataVolume

View solution in original post

Reply
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎05-08-2013 11:40 AM

for the count of events :
* | timechart span=1d limit=10 count by sourcetype

or for the volume, see http://wiki.splunk.com/Community:TroubleshootingIndexedDataVolume

Reply
Solved! Jump to solution

ccsfdave
Builder
‎05-08-2013 11:41 AM

Thanks Yann!

I ended up with:
*| timechart span=6h count by sourcetype

Cheers!

0 Karma
Reply
Related Topics
Count Sourcetype by Day
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...