Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to hide time without values in timechart

alvaromoraes
Path Finder
‎01-24-2013 08:04 AM

Hello comunity,

I need help to hide a value unavailable in a timechart. I searched for some functions, but I have no sucess trying.

Please, see the image below:

alt text

I don't want the time column "13:00" appearing in timechart, 'cause i don't have results yet (my database query get results with an interval of 15 minutes). You know anything to hide it until results are avaiable?

My search:

sourcetype="backlog_baonline" | timechart span=1h max(TOTAL) by ACTIVITY limit=100 | rename _time AS Time | eval Time=strftime(Time, "%H:%M")

Time range: -4h to now

I tried usenull=f useother=f, but it didn't work for my purpose.

Thank you in advance!

Tags (3)
0 Karma
Reply

alvaromoraes
Path Finder
‎01-29-2013 10:15 AM

Yes, I tried to modify the time range like you said, but it didn't work. The column without any results always appear in the chart.

Thanks for the answer.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎01-25-2013 12:18 AM

Something like this?

...  | timechart count | reverse | accum count as total_count | reverse | where total_count > 0 | fields - total_count
0 Karma
Reply

alvaromoraes
Path Finder
‎01-29-2013 10:21 AM

I tried your suggestion in my source, same problem. I hate this empty column! haha

Thanks for the answer.

0 Karma
Reply

chris
Motivator
‎01-24-2013 05:03 PM

Have you tried playing with the end time of your search? sourcetype="backlog_baonline" earliest=-4h latest=-1h | timechart span=1h max(TOTAL) by ACTIVITY limit=100 | rename _time AS Time | eval Time=strftime(Time, "%H:%M")

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...