Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Apache GET requests - include total count and sub counts on same chart

hharvey
Explorer
‎12-06-2013 11:26 AM

I've got a line chart to display a count of GET requests for URLS/product name over time. Pretty straight forward search:

index=apache sourcetype=app_access "/products/" | timechart  span=1m count by productname

I've also got a line chart of total GET requests over time:

index=apache sourcetype=app_access "/products/" | timechart span=1m count

Can I combine these two searches into one timechart (line chart, I'm not interested in a stacked column) so that lines for each product AND a line for the total are displayed at once. Feel like this should be easy, but I haven't stumbled on the answer yet!

Tags (1)
0 Karma
Reply

asimagu
Builder
‎12-09-2013 07:02 PM

there can be several approaches, the overlay view with advanced XML as a complex solution and something easier depending on how flexible you are on how you want the data displayed.

I would try first by appending | addtotals to your timechart by product

Check out the command options in the documentation to make it work the way you want 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...