Solved: Overlaping Days with Timecharts

achudnoff · ‎09-15-2011

I'm looking to make a line chart that has several days over data superimposed over each other so that I can see the trend of an event over the course of a day.

Currently my Search term is:

index="prd_common_events" EventName="ExceptionEventETL" | timechart span=1h count by date_mday

When I set it to 7 days, it gives me each of the days in a different color. Is there a way I can offset them so they are all rendered on the same graph of 24 hours?

Ayn · ‎09-15-2011

Instead of timechart you can use chart and have it chart over date_hour to get per-hour stats for each of your weekdays.

index="prd_common_events" EventName="ExceptionEventETL" | chart count over date_hour by date_wday

View solution in original post

Ayn · ‎09-15-2011

Instead of timechart you can use chart and have it chart over date_hour to get per-hour stats for each of your weekdays.

index="prd_common_events" EventName="ExceptionEventETL" | chart count over date_hour by date_wday

Overlaping Days with Timecharts

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...