Modifying Timeline Scale

g3s1oa · ‎12-09-2010

Is there a way to specify the scale of the time chart when performing a search.

For instance, if you perform a search over 4 hours it seems to set the scale of each bar to 1 hour, but below 4 hours and it sets the scale to minutes.... I'd like to perform a search that is over the last 24 hours with each timeline bar equal to 1 minute.

Thanks! -Matt

coolburner1337 · ‎06-07-2017

push

We have the same need. Please help! It's urgent 😕

Kind regards

richgalloway · ‎06-07-2017

You're responding to a thread that is more than six years old so it's unlikely to get a reply. You should post a new question.

---
If this reply helps you, an upvote would be appreciated.

donleedman · ‎04-23-2013

is there any update to this. It would be a good thing to be able to adjust the flash timechart based on what time scale I want.

ftk · ‎12-09-2010

Take a look at the documentation for the timechart command. You can define the bucketing you want using the span parameter as such:

your search | timechart span=1m count by my_field

ftk · ‎12-10-2010

To my knowledge there is no way to modify that, as the time ranges and spans are calculated on the fly based on the timespans displayed.

g3s1oa · ‎12-09-2010

Yes, sorry for the confusion. I'm talking about the flash timechart at the top of the results screen and below the query bar. Is there a way to modify that?

ftk · ‎12-09-2010

Oh, are you talking about the flash timechart that is displayed every time you do a search? The timechart command is a reporting command.

g3s1oa · ‎12-09-2010

That seems to replace the results with the count of the number of events for each minute... Can I keep the individual results in the main viewing window, but change the timeline granularity?

Modifying Timeline Scale

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >