Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Timechart event result variations with time range picker

jamesboustead
Explorer
‎01-06-2021 03:09 AM

I am using the same timechart search query:

'search

| timechart span=1d sum(xxx)"

when I set the time range picker to yesterday preset (05/01/2021) I get a value of 20,000,000,000, however when I change the time range picker to week to date and view the stats table the value for 05/01/2021 is giving a completely different result (less than half the original value) - why is this?

 

Labels (1)
Labels
Tags (3)
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎01-06-2021 04:26 AM

Hi @jamesboustead,

This is not expected behaviour.  Do you see any error on "Job" section after running search? Or can you share a screenshot of event count indicator just below search bar? What do you see as event count and time-range?

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

jamesboustead
Explorer
‎01-06-2021 05:11 AM

Hi @scelikok 

Getting no errors come up under the jobs section.

Please see screenshots of both event count indicators below:

image001.png

image002.png

It seems the second image for the week to date isn't picking up all the events it should, I'm not sure why,

 

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...