Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Set x-axis interval

ZaugustZ
Explorer
‎10-02-2013 01:48 AM

Hi Everyone ,

Newbie here, Please help me how to set interval for my line graph Example. I have last 24hrs search and it will display every hour in the x-axis, what i wanted to do is just to display every 3 hours in the x-axis label ex. 3am 6am 12pm 3pm. Please help me how to do that.

Thanks in Advanced!

Tags (1)
Reply

jlord
Explorer
‎06-26-2014 10:55 PM

timechart has a span parameter that can be set to a time value - for example,

... | timechart count span=3h

However, timechart seems to be optimized for display and can override your requested span value if you set it to an extreme value. You can get around this by using a combination of bucket and chart. Bucket sets the time values to the right values, then you chart over time:

... | bucket _time span=3h | chart count over _time

Generally I use #1 until it does not work well in a situation -- then I use #2.

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎06-26-2014 10:46 PM

Hi ZaugustZ,

try something like this:

  your base search | timechart span=3h .......

this will group your timechart results into 3 hours buckets. See the docs for more details about timechart search command.

cheers, MuS

Reply

xisura
Communicator
‎06-26-2014 08:36 PM

hahaha if only we could switch 🙂

0 Karma
Reply

chrisdopuch
Path Finder
‎06-23-2014 11:25 AM

That's weird, the default behavior for me with a timechart is to group it into 4 hour increments, and I want it to do every hour! If only we could switch our situations.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...