Solved: How to get Splunk default histogram/timeline graph...

agoktas · ‎10-01-2015

Hello,

I want the exact graph that Splunk provides when you perform a search in one of my dashboards.

How do I do that?

When I save the search as a panel, I'm put into a position where I need to customize the graphing my self, which I fail miserably.

The Splunk default one is nice because it auto adjusts based on time frames you search (i.e.: Search a full day, it will break down timeline by 1 hour sections, 365 day search, it will break it down into days or weeks, etc.).

Thanks!

mporath_splunk · ‎10-01-2015

You can customize the span width in like so: ... | timechart count span=1d

View solution in original post

mporath_splunk · ‎10-01-2015

You can customize the span width in like so: ... | timechart count span=1d

agoktas · ‎10-01-2015

| timechart count span=1h
worked perfectly. Now I have hourly columns/bars in the bar graph in the time span that I provide (auto adjusts the width). Very nice!

mporath_splunk · ‎10-01-2015

What's the output when you look at it in a dashboard? Can you post a screenshot? By default the visualizations behave the same in both Search and Dashboards.

How to get Splunk default histogram/timeline graph into a dashboard

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector