VISUALIZING LOGS TIMELINE

Charting the total event count over time, grouped by day, shows how many events were captured per day and makes gaps or spikes in the collected logs easy to spot.

SPLUNK> Search & Reporting
 SPL: index=main sourcetype=web_traffic | timechart span=1d count
 DTG: All Time
 Visualization: Yes
 
 * appending the "reverse" command at the end displays the result in descending
   order, so the day with the maximum number of events appears first.
    - index=main sourcetype=web_traffic | timechart span=1d count | sort count | reverse
       - alt: sort -count
          - sorting descending on count directly gives the same result as sort count | reverse
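As an added example (not part of the original notes), a Python stand-in for `timechart span=1d count | sort -count` run over constructed sample events; it makes visible two things the SPL does implicitly: events are bucketed by calendar day (UTC here), and days inside the range with no events still appear with a count of 0, which is what makes the chart continuous.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample events (not from the page): ISO-8601 timestamps of
# web_traffic events, one per line, in no particular order.
SAMPLE_EVENTS = """\
2024-03-01T08:12:44Z GET /index.html 200
2024-03-01T09:02:10Z GET /login 200
2024-03-03T01:55:31Z POST /login 401
2024-03-03T02:00:05Z POST /login 401
2024-03-03T02:00:06Z POST /login 401
2024-03-04T23:59:59Z GET /robots.txt 404
"""


def daily_counts(raw_events: str) -> dict:
    """Equivalent of `timechart span=1d count`: bucket each event by its
    UTC calendar day and return {day: count}. Like timechart, days inside
    the observed range with no events are filled with 0 so the series
    has no gaps."""
    days = []
    for line in raw_events.splitlines():
        if not line.strip():
            continue
        ts = datetime.strptime(line.split()[0], "%Y-%m-%dT%H:%M:%SZ")
        days.append(ts.replace(tzinfo=timezone.utc).date())
    counts = Counter(days)
    if not counts:
        return {}
    day, last = min(counts), max(counts)
    series = {}
    while day <= last:
        series[day.isoformat()] = counts.get(day, 0)
        day += timedelta(days=1)
    return series


def busiest_days(raw_events: str) -> list:
    """Equivalent of appending `| sort -count` (or `| sort count | reverse`):
    the daily series ordered by event count, highest first. Ties keep
    chronological order, so the output is deterministic."""
    series = daily_counts(raw_events)
    return sorted(series.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    for day, n in busiest_days(SAMPLE_EVENTS):
        print(f"{day} {n}")
```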
