Solved: Chart based on # of events

jared_anderson · ‎01-16-2013

I want to create charts based on number of results. I have tried

"172.20.3.6 (199.0.8.62 OR 199.0.8.57) StoresOutBound | timechart count by ATMs" (ATMs being a searchable field).

The problem is it then separates the chart into the top 10 or so results. I have tried
"172.20.3.6 (199.0.8.62 OR 199.0.8.57) StoresOutBound | timechart count by Events" (Events just being a random word).

This actually works, but then the results are labeled as a null value. I am looking to create a time chart based on number of events.

jared_anderson · ‎10-23-2017

172.20.3.6 (199.0.8.62 OR 199.0.8.57) StoresOutBound | timechart count by Events | rename null as Events

View solution in original post

jared_anderson · ‎10-23-2017

172.20.3.6 (199.0.8.62 OR 199.0.8.57) StoresOutBound | timechart count by Events | rename null as Events

ddarmand · ‎02-14-2013

same question here

Chart based on # of events

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Are you a member of the Splunk Community?

Chart based on # of events

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2