I did this search on splunk:
index=esi_svc svc_top=1 earliest=10/19/2017:0:0:0 latest=10/19/2017:23:59:0
|eval erro=if(NOT isnull(svc_exception),1,0)
|bucket _time span=10M
|eval time=strftime(_time,"%H:%M")
|eval day = strftime(_time,"%d")
|stats count as b sum(erro) as tot by time day
| eval "19/10" = if(day=19,round((tot/b)*100,4),NULL)
|table "time" "19/10"
I want to have all the bars (referents to 10min) but in x-labels only appear when the hour changes.
Thanks
To create a chart over time, consider using timechart
: http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/timechart
Your search would look something like this:
index=esi_svc svc_top=1 earliest=10/19/2017:0:0:0 latest=10/19/2017:23:59:0
| timechart span=10m count count(svc_exception) as errors
| eval error_rate = round((errors / count)*100,4)
| fields - count errors
The chart rendered from this will automatically pick only a few time labels to display.