Solved: Re: Changes in timechart useother functionality in...

kevintelford · ‎04-06-2011

We used to have a dashboard driven by a simple query that would show a value per hour for all of our index servers.

* | timechart span=1h count by splunk_server useother=f

Before we upgraded to 4.2 this would work as we had come to expect it, but now it only shows the top 10 servers. If we drop useother=f it will then show an "other" column along with the top 10, but we want all splunk_server values. Is there a new way to do this?

Thanks, Kevin

Stephen_Sorkin · ‎04-07-2011

I'm pretty sure that's how it has always behaved. To get more series, you need to use the limit argument like:

* | timechart span=1h count by splunk_server limit=100

View solution in original post

Stephen_Sorkin · ‎04-07-2011

I'm pretty sure that's how it has always behaved. To get more series, you need to use the limit argument like:

* | timechart span=1h count by splunk_server limit=100

kevintelford · ‎04-07-2011

Thank you Stephen 🙂 useother=f used to work, just not sure if it was intended to do what I wanted. Either way, limit=100 works perfectly, thank you sir.

Changes in timechart useother functionality in 4.2?

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms

Updated Team Landing Page in Splunk Observability