Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Getting rid of unused time in timechart

plucas_splunk
Splunk Employee
Splunk Employee
‎08-31-2016 08:09 AM

Given a search:

index="muni" | nbclosest | timechart span=30m dc(vehicle_id) as NumVehicles

(where nbclosest is a custom search command that filters results and isn't relevant to this question) it correctly charts the data, but the problem the data is only from a subset of hours in the day, e.g., 10am to 7pm. When plotting it, it looks like the attached image:

alt text

I'd like to change the chart so that the times outside 10am-7pm aren't displayed at all. It would be as if the chart were squished horizontally by removing midnight-10am and 7pm-midnight.

How can I do this?

Preview file
222 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎08-31-2016 08:16 AM

See if add cont=f to the timechart command gives you the desired output.

View solution in original post

Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎08-31-2016 08:56 AM

Give this a try. You may loose the x-axis markers

index="muni" | nbclosest | bucket span=30m _time | stats dc(vehicle_id) as NumVehicles by _time
0 Karma
Reply
Solved! Jump to solution

plucas_splunk
Splunk Employee
Splunk Employee
‎08-31-2016 10:38 AM

This produces the same result as adding cont=f but, oddly, says "0 events" on the left.

0 Karma
Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎08-31-2016 08:16 AM

See if add cont=f to the timechart command gives you the desired output.

Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...