Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to remove empty buckets in timechart

cmak
Contributor
‎01-25-2013 04:43 PM

When I plot a timechart, there are some empty buckets, which causes a gap in my graph.
This happens if I have no data at that time as I have discrete data.
Is there a way to remove these empty buckets from the data?

Reply

yuanliu
SplunkTrust
SplunkTrust
‎08-06-2014 06:14 PM

Interestingly, to remove empty buckets from timechart, you negate continuity; the option is cont.

| timechart cont=FALSE count

The plot is no longer linearly scaled to time if any bucket has been removed, of course. (cont defaults to TRUE.)

Reply

fabiocaldas
Contributor
‎05-11-2018 10:57 AM

Thanks it's helped a lot

0 Karma
Reply

Paolo_Prigione
Builder
‎01-27-2013 04:42 PM

You can play with the graphical chart settings and set "null values" to "connect".
But if the problem happens with many data points, probably you might want to change the timespan over which buckets are computed. 

| timechart span=2h count by host
Reply

RicoSuave
Builder
‎01-27-2013 10:32 AM

please look at the makecontinuos command:

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Makecontinuous

<yoursearch> | timechart count by blah | makecontinuos _time
0 Karma
Reply

chris
Motivator
‎01-26-2013 04:38 AM

You could append a "| where isnotnull(myDataField)" after the timechart command. But the resulting Graph could become difficult to read because the data points are not allways at the same intervall anymore.

0 Karma
Reply

Ayn
Legend
‎01-26-2013 01:34 AM

Why not use the graph option to omit null values instead?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...