Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to put _time to x axis in line chart on per hour basis?

josefa123
Explorer
‎08-11-2015 09:23 PM

Here is my search manager:

var search1 = new SearchManager({
            id: "rtCPUDaySearch",
            earliest_time: "rt-24h",
            latest_time: "rt",
            autostart: true,
            search: host="AAAAAAAAAAAAAAAAA"| bin _time span=2m | stats first(pctSystem) by _time | sort -_time',
            preview: true,
            cache: false
        });

Here is my chart view:

new ChartView({
            id: "element2",
            managerid: "rtCPUDaySearch",
            type: "line",
            "charting.legend.placement": "bottom",
            el: $("#myLineChart")
        }).render();

Here is the result:

alt text

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎08-11-2015 11:12 PM

This is determined by the search you run. You have two options here: either you bucket _time in hour buckets, or (and I would recommend this) you use timechart instead of bucketing and stats. Your search would look like this with timechart:

host="AAAAAAAAAAAAAAAAA"| timechart span=1h first(pctSystem)

Or like this with bucket:

host="AAAAAAAAAAAAAAAAA"| bin _time span=1h | stats first(pctSystem) by _time | sort -_time

View solution in original post

Reply
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎08-11-2015 11:12 PM

This is determined by the search you run. You have two options here: either you bucket _time in hour buckets, or (and I would recommend this) you use timechart instead of bucketing and stats. Your search would look like this with timechart:

host="AAAAAAAAAAAAAAAAA"| timechart span=1h first(pctSystem)

Or like this with bucket:

host="AAAAAAAAAAAAAAAAA"| bin _time span=1h | stats first(pctSystem) by _time | sort -_time
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...