@somesoni2 thanks that helped. Though as i change the time the x-axis labels disappear. I dont know how to display permanently

The x-axis labels will be visible based on number of points being shown (works good if number of points are under 100 or 74 from what I recall). so check how many rows your stats is giving back, may be adjust your span accordingly.

@Daljeanis, I guess the bucketing works good if they are standard spans like 10, 5, 20, 100. I tested with this runanywhere sample and it seems to be consistent with "good" spans.

| gentimes start=-1000 | streamstats count as sno | where sno>3| bucket span=10 sno | stats count by sno | sort num(sno)

@somesoni2 can we not limit the axis range 0-100 to the last data point 1000-1100. Just show end buckets and skip the rest of them to make it look sensible

You can specify how many records you want to keep by either specifying limit in your sort command OR using head command, like this (for sort without by clause):

current command including stats | sort 100 num(sno)

OR

current command including stats | sort num(sno) | head 100

This would provide me with top 100 values. I am looking for all the values but custom x-axis label to atleast get some context of presented data. Like getting first and last bin on the x-axis label

AFAIK, no such option exists.

Does bucket sometimes start from odd numbers, like 53-152? I seem to recall having had to add a "zero" record before and delete it after in order to make the numbers be even. Might have been when the range went to negative numbers as well.