Not dumb at all as I'm sure that has killed many search!

I do have the time picker set to "Last 24 hours". Changing it to "Last 7 days," I'm still not seeing what I would expect. It's not breaking down yesterday's event count per hour, just providing an overall count for the day.

Thx

Apologizes as diving into this more I finally realized your point on making sure the time picker is set correctly. Once I got that right, everything worked expected.

Thx again for the help!

but it is working perfectly fine at my end :
Try downloading this app and run the search again.
https://splunkbase.splunk.com/app/1645/

Try and let me know

I do have the app installed already

Thx

run this search for yesterday
index=foo

and see if you getting events for 24hrs? according to graph there is no data @yesterday except at 13 PM .

I have 1,087,163 million events for yesterday:

_time       
count   
2018-01-09 00:00    65
2018-01-09 01:00    57
2018-01-09 02:00    38
2018-01-09 03:00    12
2018-01-09 04:00    3
2018-01-09 05:00    71
2018-01-09 06:00    11
2018-01-09 07:00    6
2018-01-09 08:00    1701
2018-01-09 09:00    48821
2018-01-09 10:00    46659
2018-01-09 11:00    68360
2018-01-09 12:00    76469
2018-01-09 13:00    83794
2018-01-09 14:00    81029
2018-01-09 15:00    85605
2018-01-09 16:00    84611
2018-01-09 17:00    90232
2018-01-09 18:00    93578
2018-01-09 19:00    88134
2018-01-09 20:00    86039
2018-01-09 21:00    73613
2018-01-09 22:00    48728
2018-01-09 23:00    29527