timechart does not dis play the error

splunkpoornima · ‎11-21-2012

hi all ,

I used the below query ..but i am not getting the timechart its shows

field '_time' should have numerical values

i have used the tonumber and auto function ..still i am getting error

Thanks

Poornima

Ayn · ‎11-22-2012

What's the idea of having the table command there?! That's what's causing your error. table will implicitly convert the _time value to something humanly readable, which is incompatible with what timechart expects.

Drainy · ‎11-22-2012

Splunkpoornima, please please please stop reposting questions, let it flow and grow within the one question! http://splunk-base.splunk.com/answers/66695/timechart-errror It just confuses things if others search for answers in the future and people trying to help won't know what you've already been told!

Ayn · ‎11-22-2012

There you go - your stats at the end of the second saved search will remove the _time field altogether.

splunkpoornima · ‎11-22-2012

savedsearch -searchduration has the query

source="taskmanager_log.txt"|transaction TaskBP startswith=START endswith=Succeeded

savedsearch -searchavgduration has the query

source="task.txt"| transaction TaskBP startswith=START endswith=Succeeded|stats avg(duration) as Avgduration by TaskBP

Ayn · ‎11-22-2012

Well what is the output of the saved search?

splunkpoornima · ‎11-22-2012

hi ayn,

i tried without using the table command also but again it shows the same error as above

timechart does not dis play the error

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!