Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Set x-axis interval

ZaugustZ
Explorer
‎10-02-2013 01:48 AM

Hi Everyone ,

Newbie here, Please help me how to set interval for my line graph Example. I have last 24hrs search and it will display every hour in the x-axis, what i wanted to do is just to display every 3 hours in the x-axis label ex. 3am 6am 12pm 3pm. Please help me how to do that.

Thanks in Advanced!

Tags (1)
Reply

jlord
Explorer
‎06-26-2014 10:55 PM

timechart has a span parameter that can be set to a time value - for example,

... | timechart count span=3h

However, timechart seems to be optimized for display and can override your requested span value if you set it to an extreme value. You can get around this by using a combination of bucket and chart. Bucket sets the time values to the right values, then you chart over time:

... | bucket _time span=3h | chart count over _time

Generally I use #1 until it does not work well in a situation -- then I use #2.

0 Karma
Reply

MuS
Legend
‎06-26-2014 10:46 PM

Hi ZaugustZ,

try something like this:

  your base search | timechart span=3h .......

this will group your timechart results into 3 hours buckets. See the docs for more details about timechart search command.

cheers, MuS

Reply

xisura
Communicator
‎06-26-2014 08:36 PM

hahaha if only we could switch 🙂

0 Karma
Reply

chrisdopuch
Path Finder
‎06-23-2014 11:25 AM

That's weird, the default behavior for me with a timechart is to group it into 4 hour increments, and I want it to do every hour! If only we could switch our situations.

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with William Searle

The Splunk Guy: A Developer’s Path from Web to Cloud William is a Splunk Professional Services Consultant with ...

Major Splunk Upgrade – Prepare your Environment for Splunk 10 Now!

Attention App Developers: Test Your Apps with the Splunk 10.0 Beta and Ensure Compatibility Before the ...

Stay Connected: Your Guide to June Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...
Top