The Splunk bin command puts continuous numerical values into discrete sets, or bins, by adjusting the value of <field> so that all the items in a particular set have the same value.
Note: The bin command is called automatically by the timechart command. Use the bin command only for statistical operations that the timechart command cannot handle.
Syntax:
bin [<bin-options>...] <field> [AS <newfield>]
Query before using the bin command in Splunk:
index="_internal" sourcetype=splunkd
| stats c by sourcetype _time
Result before using the bin command in Splunk:
Query after using the bin command in Splunk:
index="_internal" sourcetype=splunkd
| bin span=5m _time
| stats c by sourcetype _time
Result after using the bin command in Splunk:
Explanation:
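The bin command in Splunk groups events whose timestamps fall within the same time range, as defined by the span (5 minutes in the query above). It rewrites _time so that every event in a range carries the same value, and the stats command that follows then counts those events together as a single row per sourcetype and time bin instead of one row per distinct timestamp.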
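The effect of the two queries above, reproduced in Python as an added example (not part of the original post and not Splunk's own code). The events are constructed sample data, the function names are hypothetical, and the code assumes 5-minute bins start on multiples of 300 seconds since the Unix epoch.

```python
from collections import Counter

SPAN_SECONDS = 5 * 60  # corresponds to span=5m

# Constructed sample events: (_time in epoch seconds, sourcetype). Not real Splunk data.
EVENTS = [
    (1700000000, "splunkd"),
    (1700000030, "splunkd"),
    (1700000099, "splunkd"),
    (1700000100, "splunkd"),
    (1700000399, "splunkd"),
    (1700000400, "splunkd"),
]


def bin_time(t, span=SPAN_SECONDS):
    """Snap a timestamp down to the start of its bin (assumed epoch-aligned)."""
    return t - (t % span)


def stats_count(events, span=None):
    """Emulate `stats c by sourcetype _time`.

    With span set, _time is first rewritten the way `bin span=<span> _time`
    would rewrite it, so events in the same bin share one row.
    """
    counts = Counter()
    for t, sourcetype in events:
        key_time = bin_time(t, span) if span else t
        counts[(sourcetype, key_time)] += 1
    return sorted(counts.items())


if __name__ == "__main__":
    print("before bin: one row per distinct timestamp")
    for (sourcetype, t), c in stats_count(EVENTS):
        print(f"  {sourcetype}  {t}  c={c}")
    print("after bin span=5m: one row per 5-minute bin")
    for (sourcetype, t), c in stats_count(EVENTS, SPAN_SECONDS):
        print(f"  {sourcetype}  {t}  c={c}")
```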