topic How to use timestamp as x axis in chart? in Splunk Search https://community.splunk.com/t5/Splunk-Search/How-to-use-timestamp-as-x-axis-in-chart/m-p/609850#M212073 <P>Currently I have used a similar query to what is below to plot data on a 24 hour graph.</P> <PRE>index=mock_index source=mock_source.log param1 param2 param3<BR />| rex field=_raw "Latency: (?&lt;latency&gt;[0-9]+)"<BR />| eval time = mvjoin(mvindex(split(_raw, " "), 0, 1), " ")<BR />| eval time = strptime(time, "%Y-%m-%d %H:%M:%S,%3N")<BR />| table time, latency</PRE> <P>An example event:</P> <PRE>2022-08-16 14:04:34,123 INFO [stuff] Latency: 55 [stuff]</PRE> <P>Ideally I would like to get latency averages over 5 minute periods, and display the data to a graph where the x-axis labels 30 minute intervals.&nbsp; Given this goal, is strptime() the best way to manage the timestamps in my events?</P> Wed, 17 Aug 2022 18:47:28 GMT firstname 2022-08-17T18:47:28Z How to use timestamp as x axis in chart? https://community.splunk.com/t5/Splunk-Search/How-to-use-timestamp-as-x-axis-in-chart/m-p/609850#M212073 <P>Currently I have used a similar query to what is below to plot data on a 24 hour graph.</P> <PRE>index=mock_index source=mock_source.log param1 param2 param3<BR />| rex field=_raw "Latency: (?&lt;latency&gt;[0-9]+)"<BR />| eval time = mvjoin(mvindex(split(_raw, " "), 0, 1), " ")<BR />| eval time = strptime(time, "%Y-%m-%d %H:%M:%S,%3N")<BR />| table time, latency</PRE> <P>An example event:</P> <PRE>2022-08-16 14:04:34,123 INFO [stuff] Latency: 55 [stuff]</PRE> <P>Ideally I would like to get latency averages over 5 minute periods, and display the data to a graph where the x-axis labels 30 minute intervals.&nbsp; Given this goal, is strptime() the best way to manage the timestamps in my events?</P> Wed, 17 Aug 2022 18:47:28 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-timestamp-as-x-axis-in-chart/m-p/609850#M212073 firstname 2022-08-17T18:47:28Z Re: How to use timestamp as x axis in chart? https://community.splunk.com/t5/Splunk-Search/How-to-use-timestamp-as-x-axis-in-chart/m-p/609861#M212074 <P>Hi</P><P>why not use just timechart command?</P><LI-CODE lang="markup">index=mock_index source=mock_source.log param1 param2 param3 | rex field=_raw "Latency: (?&lt;latency&gt;[0-9]+)" | timechart span=5m avg(latency) as latency</LI-CODE><P>I expecting that your event's _time is same as your examples date + time.</P><P>r. Ismo&nbsp;</P> Wed, 17 Aug 2022 19:58:38 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-timestamp-as-x-axis-in-chart/m-p/609861#M212074 isoutamo 2022-08-17T19:58:38Z