Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Overlaping Days with Timecharts

achudnoff
Explorer
‎09-15-2011 10:44 AM

I'm looking to make a line chart that has several days over data superimposed over each other so that I can see the trend of an event over the course of a day.

Currently my Search term is:

index="prd_common_events" EventName="ExceptionEventETL" | timechart span=1h count by date_mday

When I set it to 7 days, it gives me each of the days in a different color. Is there a way I can offset them so they are all rendered on the same graph of 24 hours?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎09-15-2011 11:12 AM

Instead of timechart you can use chart and have it chart over date_hour to get per-hour stats for each of your weekdays.

index="prd_common_events" EventName="ExceptionEventETL" | chart count over date_hour by date_wday

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎09-15-2011 11:12 AM

Instead of timechart you can use chart and have it chart over date_hour to get per-hour stats for each of your weekdays.

index="prd_common_events" EventName="ExceptionEventETL" | chart count over date_hour by date_wday
Reply
Get Updates on the Splunk Community!

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...

Out of the Box to Up And Running - Streamlined Observability for Your Cloud ...

  Tech Talk Streamlined Observability for Your Cloud Environment Register    Out of the Box to Up And Running ...

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...