Hi,
I'm new to Splunk, so please bear with me. I'm trying to get a count of a field with multiple values by day. As an example, the field is Product_Name. Product_Name can have values such as "iPhone", "iPad", "MacBook" and so on. The number of values is in the hundreds (possibly thousands). I'd like a count of Product_Name by day (for the last 30 days) that I can then export to Excel. The following seemed to get me the closest:
Product_Name="*" | timechart count by Product_Name
This doesn't group the results by day (I tried bucket _time span=1d, but it didn't seem to work). It also doesn't include the full list of values (only about a dozen) and the export option is not available.
The following provides the full list with count, but is not by day:
Product_Name="*" | top limit=10000 Product_Name
Thanks very much for the help!