Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Timechart over one Month 01.-31.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Timechart over one Month 01.-31.
I want to design a new timechart dashboard panel based on a specific search over exact 1 Month (or 30 days)
My search looks like:
sourcetype=”XXX” | timechart count by attack_type
I want the x – axis be formatted like 01.12.15 – 31.12.15 not matter if I got logs > to create a monthly pdf of my dashboard
Similar like this: https://answers.splunk.com/storage/temp/51200-missingdata-20150811.jpg
How can I do this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you want the timeranges to be in cluded in your search, you can use the now() feature to calculate the needed start and end dates.
If your report shall reflect the current month, you can use a search string as follows:
sourcetype="xxx" earliest="@mon" latest="+1mon@mon"
| timechart span=1d count by attack_time
Same would go for the last month:
sourcetype="xxx" earliest="1-mon@mon" latest="@mon"
| timechart span=1d count by attack_time
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sourcetype="xxx" earliest="@mon" latest="+1mon@mon"
| timechart span=1d count by attack_time
shows also the range from 05.Nov-12.Nov >> I don´t understand this
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Set the timrangepicker to select the period/month you want to look at (Date Range -> Between -> select the dates)
Or use the advanced options in the timerange picker:
To see the current month set earliest=-1mon@mon latest=@mon
To see the previous month set earliest=@mon latest=now
sourcetype="xxx"
| timechart span=1d count by attack_time
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
earliest=-1mon@mon latest=now >> shows 01-12.Nov.
But after a few seconds the range from 05.11-12.11 >> I don´t understand this
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there any event with a timestamp <5.11?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes I got a few events in Oktober but none in November <05.11
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You are searching the range 1.11 - 31.11, and there is no value to show for 1.11 - 4.11. That's why you don't see values here
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Index This | What travels the world but is also stuck in place?
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
