- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to specify x-axis intervals on timechart
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to specify x-axis intervals on timechart
Hi
When doing a query like so
* | timechart span=1d count
I would expect the intervals on the x-axis to be 1 day per tick, but instead it is 2 days per tick.
Is there a way to format the x-axis to follow the span?
Maybe specifying something "manually" to alter the x-axis would also be fine.
Thanks in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay rather than this you can use
|bucket _time span=1d|timechart count. This will always show 1 day interval not two days
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does this help?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It does, thanks! I think it would be great if some of these features available through the advancedXML would also be possibly through the regular panel UI.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The table represents 1 day periods and the results are in 1 day periods if I hover over the chart, but its the x-axis that shows larger intervals.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you select to view the data as a table instead of a chart (using the buttons just above and to the left of the chart), do the columns in the table represent 1 day or 2 day periods? If 1 day then the data is correct but something is skewing your chart view, such as screen resolution / browser window size...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The time span in this case is 7 days, which gives me the ticks that are 2 days apart. In another case I need the chart to cover a month in which case the ticks are 7 days apart, which doesn't work out for me either.
Sadly I can't change the time span of the searches to be less.
If only it was possible to specify "Major unit" for x-axis in the dashboard as it is possible for the y-axis.
I'm afraid I need every day to appear on the chart regardless of the results on the given day. Thanks though
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What is the time span for your search? If it is too large to display the data at 1 day per column (for example) then it will combine the columns to cover multiple days. A smaller time span will likely change the chart to display the data as you like. (Of course, you might already know this or are having other issues.)
The other thing you can do is to filter the results to show only the results where the value is above a certain threshold to reduce the amount of noise in the chart.
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
New in Observability Cloud - Explicit Bucket Histograms
