Solved: How do I change the interval of results displayed?

mattgates · ‎05-11-2011

I am searching for results from a storage report that is generated once an hour. When I generate a a chart for these results, I see only data from 00:00 each day. I want the chart to display the hour by hour data. How do I change the interval of the results to be once hourly rather than once daily?

southeringtonp · ‎05-11-2011

It isn't 100% clear what you're trying to do, but it sounds like you may want to add span=1h to your chart command...

Have you looked at this page?

http://www.splunk.com/base/Documentation/latest/SearchReference/Chart

View solution in original post

southeringtonp · ‎05-11-2011

It isn't 100% clear what you're trying to do, but it sounds like you may want to add span=1h to your chart command...

Have you looked at this page?

http://www.splunk.com/base/Documentation/latest/SearchReference/Chart

How do I change the interval of results displayed?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How do I change the interval of results displayed?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...