Solved: How to ignore days with no data in timechart?

tonahoyos · ‎06-27-2018

Hello,

I want to be able to ignore days where data was not collected. I am using the following search:

index="x"
| timechart span=1d count(Number)

What command can I use to ignore these non value added days?

FrankVl · ‎06-27-2018

Timechart generates a continuous timerange. If you just want the count on days where there are some events, just do the following:

index="x"
| bin _time span=1d
| stats count(Number) by _time

Or try the following, by setting cont=false for the timechart command:

index="x"
| timechart span=1d cont=false count(Number)

niketn · ‎06-27-2018

Try adding cont=f parameter

index="x"
| timechart span=1d count(Number) cont=f

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

FrankVl · ‎06-27-2018

Timechart generates a continuous timerange. If you just want the count on days where there are some events, just do the following:

index="x"
| bin _time span=1d
| stats count(Number) by _time

Or try the following, by setting cont=false for the timechart command:

index="x"
| timechart span=1d cont=false count(Number)

niketn · ‎06-27-2018

@FrankVl, you documented both... I thought I would just add the timechart one 😉

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

How to ignore days with no data in timechart?