Timechart event result variations with time range ...

jamesboustead · ‎01-06-2021

I am using the same timechart search query:

'search

| timechart span=1d sum(xxx)"

when I set the time range picker to yesterday preset (05/01/2021) I get a value of 20,000,000,000, however when I change the time range picker to week to date and view the stats table the value for 05/01/2021 is giving a completely different result (less than half the original value) - why is this?

scelikok · ‎01-06-2021

Hi @jamesboustead,

This is not expected behaviour. Do you see any error on "Job" section after running search? Or can you share a screenshot of event count indicator just below search bar? What do you see as event count and time-range?

If this reply helps you an upvote and "Accept as Solution" is appreciated.

jamesboustead · ‎01-06-2021

Hi @scelikok

Getting no errors come up under the jobs section.

Please see screenshots of both event count indicators below:

It seems the second image for the week to date isn't picking up all the events it should, I'm not sure why,

Thanks

Timechart event result variations with time range picker

timechart

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation