Refine your search:

Graphing results from a single search as separate data sets?

0

I'm parsing web logs for the HTTP codes (200, 404, 500, etc). I have the search done which shows the number of each code in a specific time period.

I'd like to generate a graph over time (say per hour), with the number of each code found as a separate data set.

The search I'm using now is

sourcetype="iis*" | rex field=_raw "(?\d+) \d+ \d+$" | stats count by httpcode

Is this possible?

asked 12 Jan '11, 16:41

mphuie's gravatar image

mphuie
11
accept rate: 0%

One Answer:
oldestnewestmost voted
0 
sourcetype="iis*" | rex field=_raw "(?\d+) \d+ \d+$" | timechart span=1h count by httpcode
link

answered 12 Jan '11, 16:49

fk319's gravatar image

fk319
469212
accept rate: 22%

Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×68

Asked: 12 Jan '11, 16:41

Seen: 1,338 times

Last updated: 07 Apr '11, 18:22

Related questions

Graphing scheduled saved search results

Graphing multiple data sources in one chart

Use results from search as input to a lookup

Charting / Graphing Multiple data sources one chart

Graphing or bucketing a summary indexed query

graphing by day

create time range from times gleaned from one search to perform another search

Files in folders indexed but no results showing in search

Combine the results from different savedsearches into one graph.

Copyright © 2005-2012 Splunk Inc. All rights reserved.