Refine your search:

Bucket Listing

0

Ok, first off this has nothing to do with the colloquial notion of a 'bucket list'. What I'm trying to do is to run a query that makes buckets via two text fields: Job and Counter. What I need is basically something like this:

index=main | chart list(value) as values by job,counter

Only instead of a list of all the values, I want to have a list of buckets e.g. something that might look like this:

index=main | chart list(bucket bins=5 value) as values by job,counter

The reason I want to do this is because I need to index these buckets in order to have them quickly available in a reporting chart. How do I do the above operation?

asked 27 May '11, 19:05

deusaquilus's gravatar image

deusaquilus
12
accept rate: 0%

One Answer:
oldestnewestmost voted
0 
index=main | bucket bins=5 value | chart list(value) as values by job,counter
link

answered 28 May '11, 20:13

gkanapathy's gravatar image

gkanapathy ♦
32.3k4827
accept rate: 41%

Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×1,640
×281
×252
×88

Asked: 27 May '11, 19:05

Seen: 1,669 times

Last updated: 28 May '11, 20:13

Related questions

How can I include zero/empty count buckets in tables/charts?

timechart for "concurrent users per 5 minute bucket" for a month is not displaying

variable bucket sizes?

How to display bucket/histogram data with zero count?

Bucket Search Command Question

"shifting" search buckets

Subsearch within a bucket

charting customization

search command "bucket" time sorting

Copyright © 2005-2012 Splunk Inc. All rights reserved.