How to add the multiple timelines into one timelin...

RENUKA1 · ‎11-30-2023

Hello All,
I need to convert the Timeline with different times into one.
For example:
12:05AM 12:10AM 12:15AM should be taken as 12AM
1:05AM 1:10AM 1:15AM should be taken as 1AM and vice versa.

Can you please help me to write a query for this.

Timeline

Top 10 Values

Count	%
01:10:02 AM	2	0.368%
01:20:02 PM	2	0.368%
01:30:02 AM	2	0.368%
01:35:02 PM	2	0.368%
01:45:02 PM	2	0.368%
01:50:02 AM	2	0.368%
02:05:02 PM	2	0.368%
02:10:02 PM	2	0.368%
02:40:02 PM	2	0.368%
03:05:02 PM

Thank you.

RENUKA1 · ‎12-06-2023

@bowesmana Thanks for help
but I need the output in AM and PM sequence.Here is my actual output

01:00:02 AM	9.14
01:00:02 PM	12.06
01:05:02 AM	10.00
01:05:02 PM	11.17
01:10:02 AM

I except the output to be in first all the AM time should be display and followed by PM

01:00:02 AM	9.14
01:00:02 AM	12.06
01:05:02 AM	10.00
01:05:02 PM	11.17
01:10:02 PM

yuanliu · ‎12-07-2023

This is confusing. The order of output is determined by the order in which your data comes back from index search, not altered by bin command that @bowesmana suggests. If your data input is not ordered, simply sort your data.

| bin _time span=1h
| sort _time

bowesmana · ‎11-30-2023

Use the bin command, e.g.

| bin _time span=1h

How to add the multiple timelines into one timeline.

Timeline

eval

Modern way of developing distributed application using OTel

Enterprise Security Content Update (ESCU) | New Releases

Archived Metrics Now Available for APAC and EMEA realms