Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

The automatic timechart range changed after upgrading from Splunk 6.3.1 to 6.3.3. What can we set to revert to the old behavior?

johnraftery
Communicator
‎02-17-2016 04:38 AM

We have certain source types where there is only data from months ago. When putting this into a timechart, the chart was smart enough to see that it didn't need to display months of nothing, so the earliest and latest end of the chart were set to the earliest and latest times of the data. That was in 6.3.1. We've just upgraded to 6.3.3, and this is no longer working. Now, the chart shows everything from the start of the data until now, which is not useful at all. Is there a flag or something that we can set to revert to the old behavior?

Many thanks,
John Raftery

0 Karma
Reply

jeffland
SplunkTrust
SplunkTrust
‎02-17-2016 05:06 AM

Have you had a look at the fixedrange argument for timechart? The description sounds interesting:

Specify whether or not to enforce the earliest and latest times of the search. Setting fixedrange=false allows the timechart command to constrict to just the time range with valid data.
0 Karma
Reply

johnraftery
Communicator
‎02-17-2016 06:18 AM

Thanks for pointing me towards fixedrange - this seems related to what I need. In the end though it just puts all of my data into one bin. This is my query:
eventtype=mlc sourcetype=vmstat-linux host=DBS_TEST_engine_profiler4 | timechart fixedrange=false bins=100 avg(cpu_used) by source
Interestingly, if I change bins=100 into span=1m, it produces what I want. However, I can't use span=1m because often there would be too many points to display - when the time range is too long.

0 Karma
Reply

jeffland
SplunkTrust
SplunkTrust
‎02-17-2016 06:29 AM

Hm, that's interesting. I must admit I've had my share of weird moments with timechart (with bins and span in particular). Is there any other setting you could use, e.g. minspan, that might help splunk identify the right bin size on its own without the need for bins? timechart really has a host of options. Unfortunately, I can't pinpoint the appropriate setting for you right off the bat.

0 Karma
Reply

johnraftery
Communicator
‎02-18-2016 08:41 AM

Ok, thanks anyway.

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...