Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- x-axis to display 3hours interval
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HelpMePlease
Explorer
07-20-2013
09:52 PM
I had a x-axis displayed over date_hour. 00,01,02... Is is possible to change it to display on a 3hour basis (00,03,06).
My search query
sourcetype="CurrentWeatherSGMap" Message="Yishun" earliest=@d latest=-0m@m | eval 24-hour=strftime(_time,"%H") | eval Description=case(current_summary="Cloudy", "Fair",current_summary="Rain", "Poor",current_summary="Showers","Poor",current_summary="Passing Showers","Poor",current_summary="Thundery Showers","Poor", current_summary="Partly Cloudy", "Excellent") | chart dc(Description) over 24-hour by Description | eval Fair=if(Excellent==1,"1",Fair) | eval Poor=if(Description==Poor, "1", "1")
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HelpMePlease
Explorer
07-21-2013
06:11 PM
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HelpMePlease
Explorer
07-21-2013
06:11 PM
Solved using bucket _time span=3h | eval _time=strftime(_time,"%H")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
clymbouris
Path Finder
07-20-2013
10:27 PM
You can make a timechart. Something like..
search... | timechart span=3h count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HelpMePlease
Explorer
07-21-2013
07:54 AM
thanks !!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
linu1988
Champion
07-21-2013
07:43 AM
Use bucket _time span=3h
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HelpMePlease
Explorer
07-21-2013
06:35 AM
If I have a chart, how can I do that ?
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Get Updates on the Splunk Community!
Index This | How many sevens are there between 1 and 100?
August 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Leveraging Automated Threat Analysis Across the Splunk Ecosystem
Enhance Security Operations with Automated Threat Analysis in the Splunk EcosystemAre you leveraging ...
What Is Splunk? Here’s What You Can Do with Splunk
Hey Splunk Community, we know you know Splunk. You likely leverage its unparalleled ability to ingest, index, ...
