Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Set x-axis interval

ZaugustZ
Explorer
‎10-02-2013 01:48 AM

Hi Everyone ,

Newbie here, Please help me how to set interval for my line graph Example. I have last 24hrs search and it will display every hour in the x-axis, what i wanted to do is just to display every 3 hours in the x-axis label ex. 3am 6am 12pm 3pm. Please help me how to do that.

Thanks in Advanced!

Tags (1)
Reply

jlord
Explorer
‎06-26-2014 10:55 PM

timechart has a span parameter that can be set to a time value - for example,

... | timechart count span=3h

However, timechart seems to be optimized for display and can override your requested span value if you set it to an extreme value. You can get around this by using a combination of bucket and chart. Bucket sets the time values to the right values, then you chart over time:

... | bucket _time span=3h | chart count over _time

Generally I use #1 until it does not work well in a situation -- then I use #2.

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎06-26-2014 10:46 PM

Hi ZaugustZ,

try something like this:

  your base search | timechart span=3h .......

this will group your timechart results into 3 hours buckets. See the docs for more details about timechart search command.

cheers, MuS

Reply

xisura
Communicator
‎06-26-2014 08:36 PM

hahaha if only we could switch 🙂

0 Karma
Reply

chrisdopuch
Path Finder
‎06-23-2014 11:25 AM

That's weird, the default behavior for me with a timechart is to group it into 4 hour increments, and I want it to do every hour! If only we could switch our situations.

0 Karma
Reply
Get Updates on the Splunk Community!

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...