Solved: How do I show more than 10 field values in a timec...

melonman · ‎12-03-2012

Hi,

I have a field "host" that contain more than 10 values.
When I issue "... | timechart count by host", timechart shows only 10 hosts and others.

Is it possible to configure the number of field values I can display in a timechart?
How do I configure simple XML views to show more than 10 host in a timechart?

Thanks in advance!

Drainy · ‎12-04-2012

sure, if you read the docs for timechart you'll see there is a setting called limit. If you set this to 0 it will not limit the results (by default its 10).

|timechart count by blah limit=0

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/timechart

Although there will be a limit to how much data the timechart can show 🙂

View solution in original post

Drainy · ‎12-04-2012

sure, if you read the docs for timechart you'll see there is a setting called limit. If you set this to 0 it will not limit the results (by default its 10).

|timechart count by blah limit=0

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/timechart

Although there will be a limit to how much data the timechart can show 🙂

How do I show more than 10 field values in a timechart?

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Are you a member of the Splunk Community?

How do I show more than 10 field values in a timechart?

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)