Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to change timechart data points to reflect full timestamp instead of date_hours

jonleach
New Member
‎07-19-2019 06:47 AM

Disclaimer - very green to Splunk

My timechart is built with the following

$search | timechart avg(date_hour) by date_mday

And the chart itself looks fine but because im only asking for date_hour each point only reflects the hour portion of each log's time stamp. Can I change my query so the alt text for each data point on the chart reflect the full time stamp?

Also, my x axis properly sorts point by day but my y axis bounds are off - can I set the max and min myself?

THANK YOU

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jawaharas
Motivator
‎07-21-2019 11:07 PM

Try 'span' keyword in 'timechart' command

<base_search>
| timechart span=1h avg(field_name)

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jawaharas
Motivator
‎07-21-2019 11:07 PM

Try 'span' keyword in 'timechart' command

<base_search>
| timechart span=1h avg(field_name)
0 Karma
Reply
Solved! Jump to solution

jonleach
New Member
‎07-22-2019 06:41 AM

Adding span gets me exactly what I needed, thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...