That will graph the count of each occurrence of time in the data set based on the date.
What I was trying to achieve was to graph the values of each event in the dataset above. In the end, I realised that when I was using strftime with "%H:%M", the colon was causing issues with the graph interpreting the values. Removing the colon from my strftime string allowed a bit of a better result. My final query was:
index=*
| eval time = strftime(_time, "%H%M")
| eval date = strftime(_time, "%F")
| chart values(time) by date, ValueField
This basically charts the values in decimal format, i.e. 1:10 as opposed to 23:59. I was looking at creating an app for this when I get time. I'll post a link to the app when/if I finish it.
On a side note, the nice thing about the chart function (as opposed to timechart) is that it allows you to specify the row and column header fields through the "by" function. In the chart example above, date represents each row whereas ValueField represents each column.