Difference between revisions of "Splunk"

Latest revision as of 13:46, 2 July 2024

Get the line result count.

  host=server01 Error | stats sum(linecount) as Total

Get result count per day or hour

 host=server01 Error | bucket _time span=hour |stats count by _time

@@ Line 1: / Line 1: @@
 Get the line result count.
     host=server01 Error | stats sum(linecount) as Total
+Get result count per day or hour
+  host=server01 Error | bucket _time span=hour |stats count by _time