Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Monthly Graph not showing proper value on X axis

hanibans
New Member
‎08-12-2019 04:23 AM

I am creating monthly chart using splunk timechart query as shown below:

index="sample_audit_log" | timechart span=1mon dc(username) as TOTAL_USERS

In statistics tab, results are showing proper months like 2019-07, 2019-08 but in visualization line chart, months are displaying wrong date June 30, 2019 6:30 PM and July 30, 2019 6:30 PM respectively.

In Statistics Tab:
alt text

In Visualization Tab:
alt text

It is displaying wrong date for every month. Example for July month, it is showing 30th June date.

Any suggestions would really be helpful and appreciable.

Preview file
7 KB
Preview file
14 KB
0 Karma
Reply

niketn
Legend
‎08-12-2019 09:43 AM

@hanibans what is the timezone of logged in user? Can you set the same to UTC and see?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

Sukisen1981
Champion
‎08-12-2019 09:04 AM

hi @hanibans
This is weird, yet your screen shot supports your statement. Assuming you have access to the _audit index, can you please run this query as is for all time range or last 3 months and tell us if you still see the same issue?

index="_audit" | timechart span=1mon dc(action) as TOTAL_ACTIONS
0 Karma
Reply

hanibans
New Member
‎08-12-2019 12:04 PM

@Sukisen1981 I am facing same issue for longer time duration. I tried running same query for 3 months and 6 months.

On Mouse hover, it is showing date of last month.

0 Karma
Reply

Sukisen1981
Champion
‎08-12-2019 12:08 PM

uhh @hanibans - check out what @niketnilay says , the reason i asked you to try this was I was doubting what niket is saying, doesn't look like an issue with search duration, try tinkering with the timezones

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...