Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Chart based on # of events

jared_anderson
Path Finder
‎01-16-2013 07:31 AM

I want to create charts based on number of results. I have tried

"172.20.3.6 (199.0.8.62 OR 199.0.8.57) StoresOutBound | timechart count by ATMs" (ATMs being a searchable field).

The problem is it then separates the chart into the top 10 or so results. I have tried
"172.20.3.6 (199.0.8.62 OR 199.0.8.57) StoresOutBound | timechart count by Events" (Events just being a random word).

This actually works, but then the results are labeled as a null value. I am looking to create a time chart based on number of events.

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jared_anderson
Path Finder
‎10-23-2017 01:32 PM

172.20.3.6 (199.0.8.62 OR 199.0.8.57) StoresOutBound | timechart count by Events | rename null as Events

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jared_anderson
Path Finder
‎10-23-2017 01:32 PM

172.20.3.6 (199.0.8.62 OR 199.0.8.57) StoresOutBound | timechart count by Events | rename null as Events

0 Karma
Reply
Solved! Jump to solution

ddarmand
Communicator
‎02-14-2013 01:28 AM

same question here

0 Karma
Reply
Get Updates on the Splunk Community!

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...