Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

timechart not showing any result while tstat does

unitrium
Explorer
‎09-21-2020 07:29 AM

Hi ,

I'm trying to build a single value dashboard for certain metrics. I would like to put it in the form of a timechart so I can have a trend value.

However this search gives me no result :

 

 

 

| tstats `summariesonly` min(_time) as firstTime,max(_time) as lastTime,count from datamodel=Vulnerabilities.Vulnerabilities by Vulnerabilities.signature,Vulnerabilities.dest, Vulnerabilities.severity | `drop_dm_object_name("Vulnerabilities")` | where firstTime!=lastTime AND severity!="informational" | eval age=round((lastTime-firstTime)/86400) | timechart span=30d avg(age) by lastTime

 

 

 


Which is strange because I feel like this command is almost the same :

 

 

 

| tstats `summariesonly` min(_time) as firstTime,max(_time) as lastTime,count from datamodel=Vulnerabilities.Vulnerabilities by Vulnerabilities.signature,Vulnerabilities.dest, Vulnerabilities.severity | `drop_dm_object_name("Vulnerabilities")` | where firstTime!=lastTime AND severity!="informational" | eval age=round((lastTime-firstTime)/86400) | bucket lastTime span=30d | stats avg(age) by lastTime

 

 

 

And this one returns me the results that I want. Could anybody help me out getting a timechart out of this ?

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎09-21-2020 07:37 AM

timechart is looking to use _time so try

... | eval age=round((lastTime-firstTime)/86400) | eval _time=lastTime | timechart span=30d avg(age)

 

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎09-21-2020 07:37 AM

timechart is looking to use _time so try

... | eval age=round((lastTime-firstTime)/86400) | eval _time=lastTime | timechart span=30d avg(age)

 

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...