Re: how to create timechart for a stat count resul...

wangkevin1029 · ‎12-06-2022

Hi, Splunkers,

I have dashboard ,which has a table ouput like below:

| table _time, column1, column2, column3

time column1 column2 column3
xxx a 1234 1234
xxx b 3243 3434
xxx c 2343 3434
xxx a 1234 1234
xxx b 3243 3434
xxx a 2343 3434

when I add |stats count by column1:

| table column1, column2, column3 | stats count by column1

column1 count
a 3
b 2
c 1

I want to have a chart to display this stats count result in different time period, when I select different time/date range,

like when I select 7 days, I want this stats count columns1 result showing in every single hour for each day for 7 days date range I selected.

I am a splunk beginner, not sure if I describe my requirement clearly...😁

thx in advance.

Kevin

wangkevin1029 · ‎12-07-2022

Sanjay,

when just add | stats count by VQ， I have correct statistics return as below:

wangkevin1029 · ‎12-06-2022

also expect to see this bar graph when event tab is selected.

Kevin

SanjayReddy · ‎12-06-2022

can you try this
| timechart span=1h by column1

wangkevin1029 · ‎12-13-2022

SanjayReddy,

I tried | table _time， column， column2, column3 | stats count by VQ | timechart span=1h count by VQ

or

| table _time， column， column2, column3 | timechart span=1h count by VQ, both has statistics tab 0.

but when I run | table _time， column， column2, column3 | stats count by VQ, it has correct return.

Kevin

wangkevin1029 · ‎12-07-2022

SanjayReddy,

I tried | table _time， column， column2, column3 | stats count by VQ | timechart span=1h count by VQ

or

| table _time， column， column2, column3 | timechart span=1h count by VQ, both has statistics tab 0.

but when I run | table _time， column， column2, column3 | stats count by VQ, it has correct return.

Kevin

wangkevin1029 · ‎12-07-2022

How to create timechart for a stat count result for every single hour for date range selection?