https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115875#M30747 <P>Hi john.byun,</P> <P><CODE>timechart</CODE> will do aggregation on the events, if you don't want aggregation use <CODE>chart</CODE> or <CODE>stats</CODE> like this:</P> <PRE><CODE>fieldvalue | chart values(fieldvalue) AS fieldvalues over _time fieldvalue | stats values(fieldvalue) AS fieldvalues by _time </CODE></PRE> <P>hope this helps ...</P> <P>cheers, MuS</P> Tue, 24 Jun 2014 07:14:41 GMT MuS 2014-06-24T07:14:41Z https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115869#M30741 <P>I have a list of events that have a specific value associated with each event. I want to create a line graph of those values. How do I do this?</P> <P>The elapsed time between each event is not consistent, so I want each event to be logged as a data point on my graph to be able to see the trend over time.</P> Mon, 23 Jun 2014 17:55:19 GMT https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115869#M30741 john_byun 2014-06-23T17:55:19Z https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115870#M30742 <P>As I always say, show us an example of your search, don't describe it.</P> Mon, 23 Jun 2014 18:06:28 GMT https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115870#M30742 grijhwani 2014-06-23T18:06:28Z https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115871#M30743 <P>My current search is simply "timechart avg(fieldvalue)", but this does not give me the results that I want.</P> <OL> <LI> I do not want an average of the values.</LI> <LI> I want each event to be a datapoint rather than giving me a single datapoint every 30 minutes.</LI> </OL> Mon, 23 Jun 2014 18:25:08 GMT https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115871#M30743 john_byun 2014-06-23T18:25:08Z https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115872#M30744 <P>I don't think that is a complete search command.</P> Mon, 23 Jun 2014 18:32:15 GMT https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115872#M30744 grijhwani 2014-06-23T18:32:15Z https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115873#M30745 <P>Sorry,</P> <P>fieldvalue | timechart avg(fieldvalue)</P> Mon, 23 Jun 2014 18:42:06 GMT https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115873#M30745 john_byun 2014-06-23T18:42:06Z https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115874#M30746 <P>Here is what my data looks like below. I want to create a line chart with time on the x-axis and the fieldvalue on the y-axis.</P> <P>Time Field Value<BR /> 12:15 90<BR /> 12:25 85<BR /> 1:00 70<BR /> 1:30 65<BR /> 2:30 95<BR /> 4:00 90</P> Mon, 23 Jun 2014 18:44:07 GMT https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115874#M30746 john_byun 2014-06-23T18:44:07Z https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115875#M30747 <P>Hi john.byun,</P> <P><CODE>timechart</CODE> will do aggregation on the events, if you don't want aggregation use <CODE>chart</CODE> or <CODE>stats</CODE> like this:</P> <PRE><CODE>fieldvalue | chart values(fieldvalue) AS fieldvalues over _time fieldvalue | stats values(fieldvalue) AS fieldvalues by _time </CODE></PRE> <P>hope this helps ...</P> <P>cheers, MuS</P> Tue, 24 Jun 2014 07:14:41 GMT https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115875#M30747 MuS 2014-06-24T07:14:41Z https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115876#M30748 <P>Perfect! Thank you very much.</P> Tue, 24 Jun 2014 22:00:49 GMT https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115876#M30748 john_byun 2014-06-24T22:00:49Z https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115877#M30749 <P>Please mark this as answered, if it worked for you - thx</P> Wed, 25 Jun 2014 07:04:35 GMT https://community.splunk.com/t5/Splunk-Search/Help-with-simple-timechart-query/m-p/115877#M30749 MuS 2014-06-25T07:04:35Z