Solved: Time Format change for timechart

hartfoml · ‎07-24-2012

I am using timechart to build a graph for the last 7 days. the chart by default uses _time as the format for the Graph. I would like the output to only show timeformat="%A" Day of the week format

Can you help? I have this code

| timechart span=1d sum(mb) by limit=10 hostname usenull=f useother=f

yannK · ‎07-24-2012

convert _time to day after the timechart, but keep the sort by _time, then remove the column.



 * | timechart span=1d count by source | convert timeformat="%d" ctime(_time) AS day | sort _time | fields - _time | table day *

View solution in original post

yannK · ‎07-24-2012

convert _time to day after the timechart, but keep the sort by _time, then remove the column.



 * | timechart span=1d count by source | convert timeformat="%d" ctime(_time) AS day | sort _time | fields - _time | table day *

Time Format change for timechart

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Are you a member of the Splunk Community?

Time Format change for timechart

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers