<yourSearch> | bin span=20m _time| eval Time=strftime(_time,"%H:%M") | stats field BY Time | rename Time as [| makeresults | eval str=strftime(_time,"\"%m/%d\"") |return $str]
The subsearch should produce mm/dd of the date you run the search on and display as the X-Axis label
<yourSearch> | bin span=20m _time| eval Time=strftime(_time,"%H:%M") | stats field BY Time | rename Time as [| makeresults | eval str=strftime(_time,"\"%m/%d\"") |return $str]
The subsearch should produce mm/dd of the date you run the search on and display as the X-Axis label
Ah, yes. Replace | makeresults with an event-generating search then. Example: search index=_internal | head 1. All you need is one event, otherwise you won't have the correct _time value. Sorry 'bout that!
@knarayana, can you give your final transforming command which plots Date on x-axis? Also what do you mean by Dynamically field name from search? Can you give details and example?
@knarayana, are you using a Time Picker input control in your dashboard? Or Date for your searches are static?
Also are users supposed to select only one day's data? Or can it be more than a day as well? For example it is it a week's data what would you display as x-axis label?
Can give an example (made-up) search and let us know what you want your graph to look like, because I don't understand what you are trying to do.
Say, you are running a search like somesearch | timechart sum(field) by someOtherField, the x-axis label will be "_time", with the appropriate intervals printed along the x-axis. If you add | rename _time as "Date/Time", the label will say "Date/Time" instead.
This is exactly what my example looks like.
but x-axis should display the date i run the search for
so, if i do a search for today. x-axis should show me that date(09/15) instead of _time
