How to write Splunk query to get first and last request time for each sources along with each source counts in a table output

Question

How to write Splunk query to get first and last request time for each sources along with each source counts in a table output

816 views Asked by Mahi At 07 October 2020 at 09:42

I have the following Splunk table data from a Splunk query output.

Source        RequestTime
SourceX     10/07/2020 04:03 AM  
SourceX     10/07/2020 07:15 AM 
SourceX     10/07/2020 11:19 AM
SourceY     10/07/2020 09:13 AM
SourceY     10/07/2020 11:09 AM
SourceY     10/07/2020 03:29 PM 
SourceY     10/07/2020 07:08 PM 
SourceZ     10/07/2020 09:43 AM 
SourceZ     10/07/2020 01:44 PM
SourceZ     10/07/2020 07:08 PM
SourceZ     10/07/2020 08:09 PM

Please help me to get the output as below table format.

Source    SourceCount     StartTime              EndTime
SourceX      3         10/07/2020 04:03 AM    10/07/2020 11:19 AM 
SourceY      4         10/07/2020 09:13 AM    10/07/2020 07:08 PM 
SourceZ      4         10/07/2020 09:43 AM    10/07/2020 08:09 PM

Original Q&A

There are 1 answers

**RichG** · Answer 1 · 2020-10-07 10:49:55

RichG On 07 October 2020 at 10:49

The stats command can do that.

... | stats count as SourceCount, min(RequestTime) as StartTime, max(RequestTime) as EndTime by Source

TechQA.

How to write Splunk query to get first and last request time for each sources along with each source counts in a table output

There are 1 answers

Related Questions in SPLUNK

Related Questions in SPLUNK-QUERY

Popular Questions

Popular Tags

Trending Questions