Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Dates cluttered in X-axis

freephoneid
Path Finder
‎10-12-2011 10:24 AM

Hi,

I've column chart which uses below query:

index=test | stats last(_time) AS time by customerid | convert timeformat="%Y-%m-%d" ctime(time) AS datetime | stats count(customerid) by datetime

The above chart works fine & displays dates on X-axis. I've also added timerangepicker drop-down so that it displays the results based on the date range selected in drop-down. However, if I select "Last 30 Days", then the dates on X-axis become all cluttered & does not look good.

Is there any way I can show only certain dates whenever I select large time range (just like timechart)??

If this is not possible, how can I convert above query to use the timechart so that it won't clutter the dates?

Thanks!

Tags (2)
Reply

woodcock
Esteemed Legend
‎05-29-2015 02:24 PM

You are correct, the only good way to get flexible ("nice") automatically adjusting X-axis labels for times is to use timechart. Try something like this:

 index=test | timechart span=1h dc(customerid)

Or maybe this:

 index=test | timechart span=1h count

BTW, when I do things like this, I create a simple XML form with 2 controls: Chart Timespan/Width (which is the timepicker repackaged) and Interval-Span/Bucket-Size which is the span=1h part with hard-coded options like this:
5 minutes
15 minutes
30 minutes
1 hour
2 hours
6 hours
1 day

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...