Splunk Search

How to use elapsed time as X axis scale

anmouer
New Member

My data

Send_DataErrorAll_Request
2018-01-02010
2018-01-03160
2018-01-04230
2018-01-05020
..........
2021-02-01520

I want to make  chart from those data.
The x-axis is the number of weeks passed.The y-axis is the error rate during this week

This is the effect i want

chart.png

The data used in the first week is 2018-01-03->2018-01-09.The y-axis is made using all Error/All_Request in this time period.

The data used in the second week is 2018-01-10->2018-01-16 and so on.

I have used many methods, but they can’t be achieved.

 

 

Labels (1)
0 Karma

tscroggins
Influencer

@anmouer 

The timechart command span option supports binning by week (Sunday through Saturday):

index=_internal
| timechart span=1w@w count(eval(case(log_level=="ERROR",1))) as Error count as All_Request

_timeErrorAll_Request
2020-12-271123
2021-01-032456
2021-01-103789
2021-01-172123
2021-01-241456
2021-01-312789
2021-02-073123
2021-02-144456
2021-02-212789
0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...