https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313789#M93921 <P>try this:<BR /> <CODE>| inputlookup xxxx.csv |eval _time = strptime(time, "%m/%d/%Y %H:%M") | timechart span=1d as ElapsedTime</CODE></P> Thu, 05 Apr 2018 01:33:10 GMT adonio 2018-04-05T01:33:10Z https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313788#M93920 <P>I have hourly data for 30 days on execution of jobs. I wanted to create a timechart based on elapsed time. could you please help me through. my query:</P> <P>| inputlookup xxxx.csv |eval in_epoch = strptime(time, "%m/%d/%Y %H:%M") | timechart span=1d as ElapsedTime</P> <P>Could you please help?</P> Wed, 04 Apr 2018 22:34:58 GMT https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313788#M93920 jcvytla 2018-04-04T22:34:58Z https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313789#M93921 <P>try this:<BR /> <CODE>| inputlookup xxxx.csv |eval _time = strptime(time, "%m/%d/%Y %H:%M") | timechart span=1d as ElapsedTime</CODE></P> Thu, 05 Apr 2018 01:33:10 GMT https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313789#M93921 adonio 2018-04-05T01:33:10Z https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313790#M93922 <P>try this,</P> <PRE><CODE>| inputlookup xxxx.csv |eval in_epoch = strptime(time, "%m/%d/%Y %H:%M") | bucket in_epoch span=1d| stats count values(your_field) as your_field by in_epoch |convert ctime(in_epoch) </CODE></PRE> Thu, 05 Apr 2018 04:26:17 GMT https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313790#M93922 splunker12er 2018-04-05T04:26:17Z https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313791#M93923 <P>try this,</P> <PRE><CODE> | inputlookup xxxx.csv |eval in_epoch = strptime(time, "%m/%d/%Y %H:%M") | bucket in_epoch span=1d| stats count values(your_field) as your_field by in_epoch |convert ctime(in_epoch) </CODE></PRE> Thu, 05 Apr 2018 04:28:11 GMT https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313791#M93923 splunker12er 2018-04-05T04:28:11Z https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313792#M93924 <P>I think you should try something like this</P> <PRE><CODE>| inputlookup xxxx.csv |eval _time=strptime(time, "%m/%d/%Y %H:%M") | timechart span=1d count </CODE></PRE> <P>OR</P> <PRE><CODE>| inputlookup xxxx.csv |eval _time=time | bin _time span=1d | stats count by _time </CODE></PRE> <P>let me know if this helps!</P> Thu, 05 Apr 2018 07:28:40 GMT https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313792#M93924 mayurr98 2018-04-05T07:28:40Z https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313793#M93925 <P>Hi @adonio,</P> <P>Thanks for your response.I'm getting this error while running the your solution:</P> <P>"Error in 'timechart' command: The specifier 'as' is invalid. It must be in form (). For example: max(size)."</P> Thu, 05 Apr 2018 17:23:43 GMT https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313793#M93925 jcvytla 2018-04-05T17:23:43Z https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313794#M93926 <P>HI Mayur,</P> <P>Thanks for your response. But, both the solution are not working. Data is not being populated in the first place.</P> <P>Thanks</P> Thu, 05 Apr 2018 17:25:21 GMT https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313794#M93926 jcvytla 2018-04-05T17:25:21Z https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313795#M93927 <P>Hi @splunker12er,</P> <P>Thanks for your response. I don't get any error, but is not being populated </P> Thu, 05 Apr 2018 17:27:28 GMT https://community.splunk.com/t5/Splunk-Search/Need-help-in-creating-timechart-query/m-p/313795#M93927 jcvytla 2018-04-05T17:27:28Z