Disclaimer - very green to Splunk
My timechart is built with the following:
$search | timechart avg(date_hour) by date_mday
And the chart itself looks fine, but because I'm only asking for date_hour, each point only reflects the hour portion of each log's time stamp. Can I change my query so the alt text for each data point on the chart reflects the full time stamp?
Also, my x axis properly sorts points by day but my y axis bounds are off - can I set the max and min myself?
THANK YOU
Try the 'span' keyword in the 'timechart' command
<base_search>
| timechart span=1h avg(field_name)
Adding span gets me exactly what I needed, thanks!