Set x-axis interval

ZaugustZ · ‎10-02-2013

Hi Everyone ,

Newbie here, Please help me how to set interval for my line graph Example. I have last 24hrs search and it will display every hour in the x-axis, what i wanted to do is just to display every 3 hours in the x-axis label ex. 3am 6am 12pm 3pm. Please help me how to do that.

Thanks in Advanced!

jlord · ‎06-26-2014

timechart has a span parameter that can be set to a time value - for example,

... | timechart count span=3h

However, timechart seems to be optimized for display and can override your requested span value if you set it to an extreme value. You can get around this by using a combination of bucket and chart. Bucket sets the time values to the right values, then you chart over time:

... | bucket _time span=3h | chart count over _time

Generally I use #1 until it does not work well in a situation -- then I use #2.

MuS · ‎06-26-2014

Hi ZaugustZ,

try something like this:

  your base search | timechart span=3h .......

this will group your timechart results into 3 hours buckets. See the docs for more details about timechart search command.

cheers, MuS

xisura · ‎06-26-2014

hahaha if only we could switch 🙂

chrisdopuch · ‎06-23-2014

That's weird, the default behavior for me with a timechart is to group it into 4 hour increments, and I want it to do every hour! If only we could switch our situations.

Set x-axis interval

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!