- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- monthly timechart of a full year
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am trying to plot data in a timechart with a span of 1 month. I run the search for the last 12 months until now, but as I only have data from the last 4 months, Splunk snaps the graph to those last months (this only occurs when I convert the simple XML to the advanced mode).
Is there any way to specify a range of 12 months in the X axis?? I was only able to set a fix date as a start and end date, but not a relative one....
This is my XML:
<earliestTime>-12mon@mon</earliestTime>
<latestTime>@mon</latestTime>
<module name="ViewstateAdapter">
<param name="suppressionList">
<item>charting.axisLabelsX.majorUnit</item>
<item>charting.fieldColors</item>
<item>charting.chart</item>
<item>charting.axisTitleX.text</item>
</param>
<module name="HiddenFieldPicker">
<param name="strictMode">True</param>
<module name="JobProgressIndicator">
<module name="EnablePreview">
<param name="enable">True</param>
<param name="display">False</param>
<module name="HiddenChartFormatter">
<param name="charting.axisLabelsX.majorUnit">P0Y1M0DT0H0M0S</param>
<param name="charting.chart">column</param>
<param name="charting.axisTitleX.text">Month</param>
<module name="FlashChart">
<param name="width">100%</param>
<module name="Gimp"/>
<module name="ConvertToDrilldownSearch">
...
..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please set the time range in the search statement.
・・・・・・ earliest=-12mon@mon latest=@mon ・・・・・・|timechart ・・・・・・
However, I do not erase the warning.Sorry
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please set the time range in the search statement.
・・・・・・ earliest=-12mon@mon latest=@mon ・・・・・・|timechart ・・・・・・
However, I do not erase the warning.Sorry
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
would it be possible to get rid of this "warning" now?
'Your timerange was substituted based on your search string'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
it worked!! you are the man!! type it as an aswer and I will approve it 😉
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could it be there is a bug on a combination of time chart and extension XML. What happens if you would embed a time range in the search statement?
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
