Splunk

From John Freier
Revision as of 13:46, 2 July 2024 by Jfreier (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Get the line result count. 

  host=server01 Error | stats sum(linecount) as Total

Get result count per day or hour 

 host=server01 Error | bucket _time span=hour |stats count by _time
Retrieved from "http://wiki.johnfreier.com/index.php?title=Splunk&oldid=1165"