Changing timechart X axis

appleman · ‎12-25-2013

Hello,

I want to change X axis on timechart, so I created a dashboard, and added the following option.

My search: index=test sourcetype=type | timechart span=5m sum(A) as A sum(B) as B sum(C) as C sum(D) as D

1
P0Y0M0DT2H0M0S

However, X axis still follows the splunk default auto settings which is 6hours or 4hours.
What else do I need to add on this dashboard to change X axis?

Thank you.

タイムチャートコマンドを利用したサーチで、縦棒グラフをダッシュボードに作成したのですが、下記の設定を加えてもX軸が上手く設定変更されません。
これ以外に何か加える設定等はございますでしょうか。

サーチ文：index=test sourcetype=type | timechart span=5m sum(A) as A sum(B) as B sum(C) as C sum(D) as D

1
P0Y0M0DT2H0M0S

melonman · ‎02-27-2014

How about this?

index=_internal earliest=-24h@h latest=@h component="Metrics" group="tpool" 
| bucket _time span=1h 
| stats max(workers) as A avg(workers) as B  median(workers) as C stdev(workers) as D by _time 
| rename _time as time 
| eval time=strftime(time, "%Y/%m/%d %H:%M")

appleman · ‎12-26-2013

Thank you for sharing.
I've converted my simple xml to advanced, but it didn't work.

somesoni2 · ‎12-26-2013

Have look at this post, which has similar requirements...
http://answers.splunk.com/answers/109435/timechart-x-axis-tick-marks-every-month?page=1&focusedAnswe...

Changing timechart X axis

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Changing timechart X axis

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...