Dates cluttered in X-axis

freephoneid · ‎10-12-2011

Hi,

I've column chart which uses below query:

index=test | stats last(_time) AS time by customerid | convert timeformat="%Y-%m-%d" ctime(time) AS datetime | stats count(customerid) by datetime

The above chart works fine & displays dates on X-axis. I've also added timerangepicker drop-down so that it displays the results based on the date range selected in drop-down. However, if I select "Last 30 Days", then the dates on X-axis become all cluttered & does not look good.

Is there any way I can show only certain dates whenever I select large time range (just like timechart)??

If this is not possible, how can I convert above query to use the timechart so that it won't clutter the dates?

Thanks!

woodcock · ‎05-29-2015

You are correct, the only good way to get flexible ("nice") automatically adjusting X-axis labels for times is to use timechart. Try something like this:

 index=test | timechart span=1h dc(customerid)

Or maybe this:

 index=test | timechart span=1h count

BTW, when I do things like this, I create a simple XML form with 2 controls: Chart Timespan/Width (which is the timepicker repackaged) and Interval-Span/Bucket-Size which is the span=1h part with hard-coded options like this:
5 minutes
15 minutes
30 minutes
1 hour
2 hours
6 hours
1 day

Dates cluttered in X-axis

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...