Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to set x axis time interval for line chart every 1h?

Anud
Path Finder
‎09-21-2022 07:05 AM

HI Team,

I am getting 2 hr time span only if i mentioned the 1 or 3 or 4 hours span too in the visualization line chart.
Running below command gives correct time 1hr span but in the visualization facing the issue. attached the reference.

index="xx" * "*"
|eval Day case(like(Date,"%22-AUg-22"),"work",like(Date,"%23-AUg-22"),"work",like(Date,"%24-AUg-22"),"week",like(Date,"%25-AUg-22"),"week",1=1,Day) |timechart span=1h max(YYY) by Day



Anud_0-1663768947297.png

 

Thanks in Advance. 

Labels (1)
Labels
0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎09-21-2022 09:29 AM
I am getting 2 hr time span only if i mentioned the 1 or 3 or 4 hours span too

Can you explain more what this means?  Maybe some examples where you didn't get 1-hour span and why you believe the code should give 1-hour span? (Also, what is the relationship between getting 2-hour span to the subject line of set time interval every 1hr? What should we look for in the screenshot?)

timechat span=1h always gives 1-hr span on time axis; if your data come in intervals larger than 1 hour, or if certain hours do not have data, you'll get gaps that you must fill in some manner.

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...