Hi folks,
I am trying to obtain the maximum value from any cell in a table generated by a timechart search. For example, in the attached image the search string is:
index=_internal | timechart count by sourcetype
The time span automatically used is `1 day`. Based on this I want to receive the single value of `70434` which occurs under the `splunkd` column on `4/12/16`.
I can get the maximum value for each sourcetype with the following search:
index=_internal | timechart count by sourcetype | stats max(*) as *
However this doesn't get me the single value I want.
![alt text][1]
[1]: /storage/temp/122236-screen-shot-2016-04-12-at-80042-pm.png
↧