Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Overlaping Days with Timecharts

achudnoff
Explorer
‎09-15-2011 10:44 AM

I'm looking to make a line chart that has several days over data superimposed over each other so that I can see the trend of an event over the course of a day.

Currently my Search term is:

index="prd_common_events" EventName="ExceptionEventETL" | timechart span=1h count by date_mday

When I set it to 7 days, it gives me each of the days in a different color. Is there a way I can offset them so they are all rendered on the same graph of 24 hours?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎09-15-2011 11:12 AM

Instead of timechart you can use chart and have it chart over date_hour to get per-hour stats for each of your weekdays.

index="prd_common_events" EventName="ExceptionEventETL" | chart count over date_hour by date_wday

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎09-15-2011 11:12 AM

Instead of timechart you can use chart and have it chart over date_hour to get per-hour stats for each of your weekdays.

index="prd_common_events" EventName="ExceptionEventETL" | chart count over date_hour by date_wday
Reply
Get Updates on the Splunk Community!

Let’s Talk Terraform

If you’re beyond the first-weeks-of-a-startup stage, chances are your application’s architecture is pretty ...

Cloud Platform | Customer Change Announcement: Email Notification is Available For ...

The Notification Team is migrating our email service provider. As the rollout progresses, Splunk has enabled ...

Save the Date: GovSummit Returns Wednesday, December 11th!

Hey there, Splunk Community! Exciting news: Splunk’s GovSummit 2024 is returning to Washington, D.C. on ...