Channel: Questions in topic: "splunk-enterprise"

How to display the max value per day

My search calculates the number of events of a field per hour per day. In my chart result I only want to see the max of each day.

    mysearch | timechart count span=1h as nb | eval Day=strftime(_time,"%Y/%m/%d") | dedup nb | top 1 nb by Day | sort + Day | table Day nb

The result is like that:

    Day         nb
    2019-08-26  300
    2019-08-27  252
    2019-08-28  354
    2019-08-29  458

But I would like to see the time slot in my result, like that:

    Day                  nb
    2019-08-26 10:00:00  300
    2019-08-27 15:00:00  252
    2019-08-28 13:00:00  354
    2019-08-29 11:00:00  458

How to do that? Thanks
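One way to keep the hour alongside the daily maximum, as an added example that is not part of the original post: it swaps `timechart`/`top` for `bin` + `stats` + `eventstats`, so each hourly row keeps its `_time` and can be compared with that day's peak. `mysearch` is the poster's placeholder for the base search; `max_nb` is a field name introduced here for illustration.

```spl
mysearch
| bin _time span=1h
| stats count AS nb BY _time
| eval Day=strftime(_time, "%Y-%m-%d")
| eventstats max(nb) AS max_nb BY Day
| where nb=max_nb
| dedup Day
| eval Day=strftime(_time, "%Y-%m-%d %H:%M:%S")
| sort + _time
| table Day nb
```

`dedup Day` keeps a single row when two hours tie for the daily maximum (the earliest one, since `stats ... BY _time` returns rows in time order); remove it to list every tied hour.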
