This is a work around using stats instead of timechart:
index=oidemo sourcetype=access_combined|bucket span=10min _time|stats count by _time clientip|where count>100
It will give you the result set you need.
This is a work around using stats instead of timechart:
index=oidemo sourcetype=access_combined|bucket span=10min _time|stats count by _time clientip|where count>100
It will give you the result set you need.
Great! brilliant - works as expected!