view results for last 24 hours, by hourly bases

Follow
Avatar
Dekel Moyal

Hi,

im, pretty new to Sumo logic, so far i'm loving it and i was able to find an answer for every query i had via community, support or just the general it-makes-sense UI :)

i have a good query that gives me a count of all Errors that happened in the last 24, can i break it up to hours?

to clarify what i'm asking, what i'm seeing now is:

Errors  -  5000

i would like to see how many happened each hour

like Errors first hour - 59

errors second hour - 50

just to break it up by Hours, to see where my peak is...

 

Hope its clear enough, and hope its doable, i'm sure it is.

0

Comments

2 comments

Sort by Date Votes
  • Avatar
    Rahul Choudhary

    Hi Dekel,

    Yes indeed you can achieve the same by using "_timeslice" operator in your query so you can create bucketed results based on a fixed interval (hourly in your case)

    Query should be something like

      * | timeslice 1h
        | count by _timeslice

    Please check below KB article for more example on the same:
    https://help.sumologic.com/05Search/Search-Query-Language/Search-Operators/timeslice

    Hope that helps!!

     

    -Rahul

     

     

     

    0
    Comment actions Permalink
  • Avatar
    Dekel Moyal

    Hi Rahul,

    thanks for the fast response, that seems to be exactly what i'm looking for :)  dont know how i missed it!

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post