Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

events per second on a sourcetype

a212830
Champion
‎05-29-2013 04:12 AM

Hi,

How would I go about getting events per second on a sourcetype?

Tags (2)
0 Karma
Reply

aholzer
Motivator
‎05-29-2013 09:17 AM

Note that there is a cap on the number of results you can display on a chart. If you are going to use a 1s (one second) span, then you are going to have to limit the time range you are looking at significantly. Specially if you have multiple sourcetypes that you are charting.

0 Karma
Reply

MuS
Legend
‎05-29-2013 04:22 AM

Hi a212830

updated

I think you are looking for this

yourSearch | bucket _time span=1s | chart count over _time by sourcetype

not for this

yourSearch | timechart span=1s count by sourcetype

cheers, MuS

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...