New to Splunk!
I'm currently having trouble trying to sum values in a field over a specific time span...
My search:
*HttpRequestProcessor | rex field=LogLine "(?<Time>\s\d+\s)" | rex field=TimeStamp_Thread "(?<dt2>[\d]{4}-[\d]{2}-[\d]{2} [\d]{1,2}:[\d]{1,2}[\d]{1,2}:[\d]{2}.[\d]{3})" | convert num(Time) | eval time5=strptime(dt2,"%Y-%m-%d %H") | eval _time=time5 | bucket _time span=1h | stats count(Time) by _time
Instead of count(Time), what I really want is sum(Time); however, when I use that syntax, no stats are returned... What am I missing here?
Thanks!