Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Changing timechart X axis

appleman
Contributor
‎12-25-2013 11:25 PM

Hello,

I want to change X axis on timechart, so I created a dashboard, and added the following option.

My search: index=test sourcetype=type | timechart span=5m sum(A) as A sum(B) as B sum(C) as C sum(D) as D

1
P0Y0M0DT2H0M0S

However, X axis still follows the splunk default auto settings which is 6hours or 4hours.
What else do I need to add on this dashboard to change X axis?

Thank you.

タイムチャートコマンドを利用したサーチで、縦棒グラフをダッシュボードに作成したのですが、下記の設定を加えてもX軸が上手く設定変更されません。
これ以外に何か加える設定等はございますでしょうか。

サーチ文:index=test sourcetype=type | timechart span=5m sum(A) as A sum(B) as B sum(C) as C sum(D) as D

1
P0Y0M0DT2H0M0S

0 Karma
Reply

melonman
Motivator
‎02-27-2014 05:28 AM

How about this?

index=_internal earliest=-24h@h latest=@h component="Metrics" group="tpool" 
| bucket _time span=1h 
| stats max(workers) as A avg(workers) as B  median(workers) as C stdev(workers) as D by _time 
| rename _time as time 
| eval time=strftime(time, "%Y/%m/%d %H:%M")

alt text

Reply

appleman
Contributor
‎12-26-2013 07:29 PM

Thank you for sharing.
I've converted my simple xml to advanced, but it didn't work.

0 Karma
Reply

somesoni2
Revered Legend
‎12-26-2013 04:54 AM

Have look at this post, which has similar requirements...
http://answers.splunk.com/answers/109435/timechart-x-axis-tick-marks-every-month?page=1&focusedAnswe...

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...