I'm attempting to write a search using the eventcount command. I want to graph the number of events in my index/sourcetype per day over a span of 1 week. Can I use eventcount for this? I'm not having much luck.
| eventcount summarize=false index=myindex sourcetype=mysourcetype
| timechart span=1d count