Now let's see how many errors have occurred per user over the same time period. We simply need to add by user to the query:
sourcetype="impl_splunk_gen" error | timechart count by user
This produces the following chart:
As we stated before, the x axis is always time. The y axis can be:
• One or more functions
• A single function with a by clause
• Multiple functions with a by clause (a new feature in Splunk 4.3)
An example of a timechart with multiple functions might be:
sourcetype="impl_splunk_gen" error
| timechart
count as "Error count"
max(req_time) as "Max request time"
This would produce a graph like this:
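The third case in the list above, multiple functions with a by clause, yields one series per function and user. The Python sketch below is an added example (not from the book and not Splunk code) that emulates the two-function query with by user appended, run over constructed events, to show the shape of the resulting table. The log line format, the one-hour span and the "<function>: <user>" series names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; the field names user and req_time follow the page's queries.
EVENTS = [
    "2012-01-01T10:02:11 ERROR user=mary req_time=120",
    "2012-01-01T10:15:40 INFO user=mary req_time=35",
    "2012-01-01T10:47:03 ERROR user=bob req_time=310",
    "2012-01-01T10:59:59 ERROR user=mary req_time=480",
    "2012-01-01T12:05:27 ERROR user=bob req_time=95",
]

SPAN = timedelta(hours=1)  # assumed bucket size, comparable to span=1h


def timechart_by_user(lines):
    """Emulate: error | timechart count as "Error count"
    max(req_time) as "Max request time" by user"""
    stats = defaultdict(lambda: defaultdict(list))  # bucket -> user -> [req_time]
    for line in lines:
        if "error" not in line.lower():  # keyword match, case-insensitive
            continue
        ts, _level, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        bucket = datetime.fromisoformat(ts).replace(minute=0, second=0)
        stats[bucket][fields["user"]].append(int(fields["req_time"]))
    if not stats:
        return []
    users = sorted({u for per_user in stats.values() for u in per_user})
    rows, bucket, last = [], min(stats), max(stats)
    while bucket <= last:  # the x axis is time, so empty buckets still get a row
        row = {"_time": bucket.isoformat()}
        for user in users:
            times = stats.get(bucket, {}).get(user, [])
            # One column per (function, user) pair; naming is an assumption.
            row[f"Error count: {user}"] = len(times)
            row[f"Max request time: {user}"] = max(times) if times else None
        rows.append(row)
        bucket += SPAN
    return rows


if __name__ == "__main__":
    for row in timechart_by_user(EVENTS):
        print(row)
```

Each row is one point on the x axis; an hour with no matching events still appears, with a count of 0 and no maximum.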