Hi,
Sorry if this has been answered before, however, I am struggling with a search that I am trying to build.
The ideal result that I am trying to achieve is the following.
I wanted to create a search that could be used as a single value element with a trending arrow. So currently I am doing the following search
index=main machine_ip="xx.xx.xx.xx" http_status=200 | dedup user_ip | timechart span=60m count
However, this searches the last hour (if only 5 minutes into the hour the current hour will only have 5 minutes of data and therefore always be playing catch up to the previous hour).
Therefore I want to change this so it shows the continuous last 60 minutes. So if the search is run at 15.05 the single value would show 14:05 to 15:05 and the trend arrow and value with compare 13:05 to 14:05.
Please let me know if you require any further information.
↧