dev333
Reputation: 799
How to write a Splunk query to get the result for every hour in a day?
I am trying to fetch the results based on Splunk search for every hour in a day. I want to add the timestamp in the results. I'm expecting 24 rows in the result each row is considered as one hour data with timestamp mentioned in each row per day.
My basic query:
index = 'xyz' sourcetype='abc' status='completed'
How can I modifying the query in the below format?
time status
1am completed
2am completed
.. ...
11pm completed
Upvotes: 0
Views: 1995
Answers (1)
Related Questions
- splunk results per day and overall
- Splunk query for rarity without AI
- how to write splunk query to create a table view
- Display result count of multiple search query in Splunk table
- Join two Splunk queries without predefined fields
- Splunk: How to Write regex for pathparam?
- splunk query to concatenate status code for every hour
- How to write a splunk query to ensure that search is working?
- run subquery for each row of csv file passing the field in search string