Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Timechart graph cuts off data

johandk
Path Finder
‎04-04-2012 01:12 AM

I'm running a search like this:

index=summary splunk_server=local search_name=SOMESEARCH earliest=-1mon@mon latest=@mon | timechart span=1h sum(count) as Total

and plotting it on a graph. The search works fine and all the data is there but when I create a graph or put this in a dashboard the graph only show data up until the 21st of the month??

This worked perfectly fine on 4.2.3 but not working now on 4.3?

Anybody come across this?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

johandk
Path Finder
‎04-29-2012 12:29 AM

http://docs.splunk.com/Documentation/Splunk/latest/Developer/AdvancedCharting

From the docs:

For performance reasons, the JSChart module truncates search result data sets that are too large. The exact limits that trigger this truncation depend on the browser being used as well as the charting configuration.

I switch to using the FlashChart module instead and now everything works 100%...

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

johandk
Path Finder
‎04-29-2012 12:29 AM

http://docs.splunk.com/Documentation/Splunk/latest/Developer/AdvancedCharting

From the docs:

For performance reasons, the JSChart module truncates search result data sets that are too large. The exact limits that trigger this truncation depend on the browser being used as well as the charting configuration.

I switch to using the FlashChart module instead and now everything works 100%...

0 Karma
Reply
Solved! Jump to solution

johandk
Path Finder
‎04-10-2012 12:51 AM

I've investigated further and realized that if I set the span on the timechart to 2h instead of 1h it works!

This must be some sort of Splunk bug?

0 Karma
Reply
Solved! Jump to solution

cphair
Builder
‎04-25-2012 02:51 PM

I just encountered this myself. I think you're hitting the "reasonable resolution" limit discussed here: http://splunk-base.splunk.com/answers/33050/a-month-time-of-x-axis-with-span-of-5-min-window If no timespan is specified, Splunk picks a reasonable default based on the time range and returns data over the entire range, but if you bother to explicitly specify a timespan, it figures you must really care about the detail, so it sacrifices some of the range in order to display what you asked for.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...