Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I format the y-axis on a chart to properly display military time?

szimmer661
Explorer
‎07-11-2016 11:07 AM

I'm using the following to chart job end times over date:

index = ironstream MSGNUM = "IEF404I" ( JOBNAME = TZRPD85 OR TZRPDV9 OR TZRPD35 ) | eval JobEndDate=strftime(_time,"%m/%d/%Y") | eval JobEndTime=strftime(_time,"%H%M") | lookup MF_Jobname_Info.csv JOBNAME OUTPUT Job_Desc | eval JobNameDesc=JOBNAME+" "+Job_Desc | chart earliest(JobEndTime) over JobEndDate by JobNameDesc

The chart is working, except the JobEndTime, meant to be military time, is displaying on the y-axis as comma delimited whole numbers without leading zeroes.

Can I format the y-axis to properly display military time?

Thanks, Steve

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎07-11-2016 11:17 AM

The y-axis values have to be numeric and the military time formatting will make it string. I don't think there is a workaround to this.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

sundareshr
Legend
‎07-11-2016 11:33 AM

Sounds like you need the timeline app

https://splunkbase.splunk.com/app/3120/

0 Karma
Reply
Solved! Jump to solution

szimmer661
Explorer
‎07-11-2016 12:25 PM

Thank you for the prompt reply. I will investigate the timeline app.

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎07-11-2016 11:17 AM

The y-axis values have to be numeric and the military time formatting will make it string. I don't think there is a workaround to this.

0 Karma
Reply
Solved! Jump to solution

szimmer661
Explorer
‎07-11-2016 11:24 AM

Thank you for the prompt reply. When I tried leaving the time alone, hh.mm, the chart would not display anything at all. Any suggestions would be greatly appreciated.

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎07-11-2016 11:33 AM

So, you're saying this query is showing blank result in chart (visualization) 

 index = ironstream MSGNUM = "IEF404I" ( JOBNAME = TZRPD85 OR TZRPDV9 OR TZRPD35 ) | eval JobEndDate=strftime(_time,"%m/%d/%Y") | eval JobEndTime=strftime(_time,"%H.%M") | lookup MF_Jobname_Info.csv JOBNAME OUTPUT Job_Desc | eval JobNameDesc=JOBNAME+" "+Job_Desc | chart earliest(JobEndTime) over JobEndDate by JobNameDesc

Check the table/statistics for this query, it should give column values as decimal numbers

0 Karma
Reply
Solved! Jump to solution

szimmer661
Explorer
‎07-11-2016 12:04 PM

I was wrong above and must have parsed _time with %H:%M. Using %H.%M does show values in both the chart and the table. The y-axis is now showing whole numbers, up to 24 that I'll need to explain are the hours of the day and any hour before noon will not show a leading zero. It'll take some getting used to, but definitely workable.

Thanks for the help.

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...