Solved: How do I show more than 10 field values in a timec...

melonman · ‎12-03-2012

Hi,

I have a field "host" that contain more than 10 values.
When I issue "... | timechart count by host", timechart shows only 10 hosts and others.

Is it possible to configure the number of field values I can display in a timechart?
How do I configure simple XML views to show more than 10 host in a timechart?

Thanks in advance!

Drainy · ‎12-04-2012

sure, if you read the docs for timechart you'll see there is a setting called limit. If you set this to 0 it will not limit the results (by default its 10).

|timechart count by blah limit=0

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/timechart

Although there will be a limit to how much data the timechart can show 🙂

View solution in original post

Drainy · ‎12-04-2012

sure, if you read the docs for timechart you'll see there is a setting called limit. If you set this to 0 it will not limit the results (by default its 10).

|timechart count by blah limit=0

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/timechart

Although there will be a limit to how much data the timechart can show 🙂

How do I show more than 10 field values in a timechart?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How do I show more than 10 field values in a timechart?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...