All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Heatmap - Date column automatically append hour. How to format and remove

h52huang
Path Finder
‎06-10-2018 12:01 AM

Hi, I sent an question but seems like it was not delivered by my poor network.

I have a heatmap. For raw events, I have a column as Date where example values are like 2018-05-21. my X contains all timewindow string, 01:00:00-01:00:20 for 24 hours. Z is a count value.

On heatmap, when I hover, it shows:
x: 01:00:00-01:00:20
y: 2018-05-21 06h (or 12h, or 00h)
z: 12

Is there a way to remove the automatically appended hour characters on the heatmap please? They are not in the raw data column. Do I do data formation and then hide? How to do it please? Could someone give an example please? Or, how can I resolve this in more straightforward ways please?

Thank you very much.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

aljohnson_splun
Splunk Employee
Splunk Employee
‎06-13-2018 11:25 AM

I see. I think the visualization's framework, plotly.js, is automatically converting your date into a a string.

Can you try converting your timestamp to a different format before you do chart? For example,

| eval date_time_as_unix_timestamp = strptime(Date, "%F")
| eval Date = strftime(date_time_as_unix_timestamp, "%Y %b %d")

View solution in original post

Reply
Solved! Jump to solution
Solution

aljohnson_splun
Splunk Employee
Splunk Employee
‎06-13-2018 11:25 AM

I see. I think the visualization's framework, plotly.js, is automatically converting your date into a a string.

Can you try converting your timestamp to a different format before you do chart? For example,

| eval date_time_as_unix_timestamp = strptime(Date, "%F")
| eval Date = strftime(date_time_as_unix_timestamp, "%Y %b %d")
Reply
Solved! Jump to solution

aljohnson_splun
Splunk Employee
Splunk Employee
‎06-11-2018 01:14 PM

Can you post a few rows of the dataset (or one equivalent) so that I can help you?

0 Karma
Reply
Solved! Jump to solution

h52huang
Path Finder
‎06-11-2018 09:22 PM

@aljohnson_splunk @aljohnson
Thank you very much.

Date is strings of dates like "2018-05-07"
TimeWindow is string of fixed 20-min window for 24 hours.

TimeWindow 2018-05-07 2018-05-08 2018-05-09 2018-05-10 2018-05-11
00:00:00--00:20:00 0 3 1 6 4
00:20:00--00:40:00 0 1 2 4 0
00:40:00--01:00:00 0 0 2 1 4
01:00:00--01:20:00 0 0 2 4 0
01:20:00--01:40:00 0 8 1 2 4
01:40:00--02:00:00 0 9 2 1 2
02:00:00--02:20:00 0 3 2 2 4
... More windows...

The query I used for the heatmap is:
index="blabla" | chart sum(My_count_column) by TimeWindow Date | sort TimeWindow

When I hover on the heatmap, it shows as:
x: 02:00:00--02:20:00
y: May 08 00h ---> This has been converted from string '2018-05-05" to date with hour information. I want to keep it as '2018-05-08' please.
z: 3

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...