I am doing a very basic search that just shows the top URIs during a specific month each year. I would like to be able to put multiple years within the same graph to do a quick visual comparison. My search is as follows:
source="/opt/gathered-logs/*/apache2/access_log" | stats count by uri
And I define the date range for the search (November 2015/16/17/etc.) I get the information I want from the graph in a pie graph, but it's not very helpful for comparison purposes. I'd like to just show an overall line graph that displays Nov. 2015 vs Nov. 2016 on the same graph. I don't really need to know individual stats per URI, so if I remove the |stats count by uri, I get the nice general green bar graph in splunk, but I don't see a way to define two different date ranges and overlay them or whatever. Is this possible?
↧