The best way is to download the "simplexmlexamples" app, which has a working version of the "Scatter chart".
The core logic is something like below:
<chart>
  <title>HTTP 2xx Success Response</title>
  <searchPostProcess>| where (status) >= 200 and (status) &lt; 300</searchPostProcess>
  <option name="charting.chart">scatter</option>
</chart>
Can you guide me specifically to scatter/bubble examples that are plotted against time?
The sample in the above app shows a scatter chart plotted against time, where time is "date_hour". You could change the X axis interval to "1" to have it on an hourly basis. Also note, a Splunk Scatter chart can have 1000 data points max.
index = _internal | stats count, mode(status) by method, status, date_hour | where (status) >= 200 and (status) < 300
The same goes for the bubble chart, which is also shown with "date_hour" as the X axis.
index = _internal sourcetype=splunkd_access | stats count sum(bytes) as "Total Bytes" by status, date_hour | table status date_hour count "Total Bytes"
There are some complicated examples that use _time, but it is much easier to use date_hour.
Thanks for the quick response. However, my use case requires the monthly/date context preserved. Finding it hard to crack! Did not find anything specific on the link provided. Is there something specific there you pointed out?