Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Dates cluttered in X-axis

freephoneid
Path Finder
‎10-12-2011 10:24 AM

Hi,

I've column chart which uses below query:

index=test | stats last(_time) AS time by customerid | convert timeformat="%Y-%m-%d" ctime(time) AS datetime | stats count(customerid) by datetime

The above chart works fine & displays dates on X-axis. I've also added timerangepicker drop-down so that it displays the results based on the date range selected in drop-down. However, if I select "Last 30 Days", then the dates on X-axis become all cluttered & does not look good.

Is there any way I can show only certain dates whenever I select large time range (just like timechart)??

If this is not possible, how can I convert above query to use the timechart so that it won't clutter the dates?

Thanks!

Tags (2)
Reply

woodcock
Esteemed Legend
‎05-29-2015 02:24 PM

You are correct, the only good way to get flexible ("nice") automatically adjusting X-axis labels for times is to use timechart. Try something like this:

 index=test | timechart span=1h dc(customerid)

Or maybe this:

 index=test | timechart span=1h count

BTW, when I do things like this, I create a simple XML form with 2 controls: Chart Timespan/Width (which is the timepicker repackaged) and Interval-Span/Bucket-Size which is the span=1h part with hard-coded options like this:
5 minutes
15 minutes
30 minutes
1 hour
2 hours
6 hours
1 day

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...