Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Set x-axis interval

ZaugustZ
Explorer
‎10-02-2013 01:48 AM

Hi Everyone ,

Newbie here, Please help me how to set interval for my line graph Example. I have last 24hrs search and it will display every hour in the x-axis, what i wanted to do is just to display every 3 hours in the x-axis label ex. 3am 6am 12pm 3pm. Please help me how to do that.

Thanks in Advanced!

Tags (1)
Reply

jlord
Explorer
‎06-26-2014 10:55 PM

timechart has a span parameter that can be set to a time value - for example,

... | timechart count span=3h

However, timechart seems to be optimized for display and can override your requested span value if you set it to an extreme value. You can get around this by using a combination of bucket and chart. Bucket sets the time values to the right values, then you chart over time:

... | bucket _time span=3h | chart count over _time

Generally I use #1 until it does not work well in a situation -- then I use #2.

0 Karma
Reply

MuS
Legend
‎06-26-2014 10:46 PM

Hi ZaugustZ,

try something like this:

  your base search | timechart span=3h .......

this will group your timechart results into 3 hours buckets. See the docs for more details about timechart search command.

cheers, MuS

Reply

xisura
Communicator
‎06-26-2014 08:36 PM

hahaha if only we could switch 🙂

0 Karma
Reply

chrisdopuch
Path Finder
‎06-23-2014 11:25 AM

That's weird, the default behavior for me with a timechart is to group it into 4 hour increments, and I want it to do every hour! If only we could switch our situations.

0 Karma
Reply
Get Updates on the Splunk Community!

Get Operational Insights Quickly with Natural Language on the Splunk Platform

In today’s fast-paced digital world, turning data into actionable insights is essential for success. With ...

What’s New in Splunk Observability Cloud – June 2025

What’s New in Splunk Observability Cloud – June 2025 We are excited to announce the latest enhancements to ...

Almost Too Eventful Assurance: Part 2

Work While You SleepBefore you can rely on any autonomous remediation measures, you need to close the loop ...
Top