Re: How to hide time without values in timechart

alvaromoraes · ‎01-24-2013

Hello comunity,

I need help to hide a value unavailable in a timechart. I searched for some functions, but I have no sucess trying.

Please, see the image below:

I don't want the time column "13:00" appearing in timechart, 'cause i don't have results yet (my database query get results with an interval of 15 minutes). You know anything to hide it until results are avaiable?

My search:

sourcetype="backlog_baonline" | timechart span=1h max(TOTAL) by ACTIVITY limit=100 | rename _time AS Time | eval Time=strftime(Time, "%H:%M")

Time range: -4h to now

I tried usenull=f useother=f, but it didn't work for my purpose.

Thank you in advance!

alvaromoraes · ‎01-29-2013

Yes, I tried to modify the time range like you said, but it didn't work. The column without any results always appear in the chart.

Thanks for the answer.

martin_mueller · ‎01-25-2013

Something like this?

...  | timechart count | reverse | accum count as total_count | reverse | where total_count > 0 | fields - total_count

alvaromoraes · ‎01-29-2013

I tried your suggestion in my source, same problem. I hate this empty column! haha

Thanks for the answer.

chris · ‎01-24-2013

Have you tried playing with the end time of your search? sourcetype="backlog_baonline" earliest=-4h latest=-1h | timechart span=1h max(TOTAL) by ACTIVITY limit=100 | rename _time AS Time | eval Time=strftime(Time, "%H:%M")

How to hide time without values in timechart

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

New in Observability Cloud - Explicit Bucket Histograms