Splunk Search

how to remove dot in timechart?

karthi2809
Builder

index=xxx source="udp:4005" |eval startTime = strptime(TransactionStartTime,"%FT%T.%3N%Z") | eval endTime = strptime(TransactionEndTime,"%FT%T.%3N%Z")| eval responseTime=round(((endTime-startTime)),3)|timechart avg(responseTime) by OperationName usenull=f useother=f

Tags (1)
0 Karma

niketn
Legend

You can edit panel and choose how to handle null values. If you are plotting area chart as per your screenshot. You currently have the Null Values in your timechart treated as Gaps, you can change the same to Zero (equivalent of writing fillnull command) or else mark as Connect (which is equivalent of writing filldown command).

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

niketn
Legend

@karthi2809 were you able to try the solution? Did it work for you?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Those dots are single data points for getEobByUid, without neighbouring data points to form a solid area.

What do you want to see instead of single data points?

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...