Splunk Search

Overlaping Days with Timecharts

achudnoff
Explorer

I'm looking to make a line chart that has several days over data superimposed over each other so that I can see the trend of an event over the course of a day.

Currently my Search term is:

index="prd_common_events" EventName="ExceptionEventETL" | timechart span=1h count by date_mday

When I set it to 7 days, it gives me each of the days in a different color. Is there a way I can offset them so they are all rendered on the same graph of 24 hours?

Tags (2)
0 Karma
1 Solution

Ayn
Legend

Instead of timechart you can use chart and have it chart over date_hour to get per-hour stats for each of your weekdays.

index="prd_common_events" EventName="ExceptionEventETL" | chart count over date_hour by date_wday

View solution in original post

Ayn
Legend

Instead of timechart you can use chart and have it chart over date_hour to get per-hour stats for each of your weekdays.

index="prd_common_events" EventName="ExceptionEventETL" | chart count over date_hour by date_wday
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...