Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Plot graph using timechart

hikari992
Explorer
‎05-14-2013 08:56 AM

Hi everyone, I'm quite new to splunk. I'm trying to plot a graph using timechart with starting time of the event and the ending time of the event.

This is my search query:


sourcetype="Traffic" | stats earliest(_time) as startOfEvent latest(_time) as endOfEvent range(_time) as duration by Message

This is the return result from the query:

Message | startOfEvent | endOfEvent| duration

msg1 | 1368457298 | 1368459923 | 2625

msg2 | 1368457298 | 1368457821 | 523

How can i turn this into a timechart?

Any help is appreciated.
Thanks!

0 Karma
Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎05-14-2013 10:52 AM

If you could include some metrics you would like, it might be easier to show you specifics. But the general format is:

sourcetype="Traffic" | timechart count by Message span=5m

This will show the count by Message over time.

http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Timechart

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...