Use the timeline to investigate patterns of events
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
Use the timeline to investigate patterns of events
The timeline is a visual representation of the number of events that occur at each point in time. Thus, you can use the timeline to highlight patterns of events or investigate peaks and lows in event activity.
As the timeline updates with your search results, you might notice clusters or patterns of bars; the height of each bar indicates the count of events. Peaks or valleys in the timeline can indicate spikes in activity or server downtime.
The timeline options are located above the timeline. You can zoom in and zoom out and change the scale of the chart.
Change the scale of the timeline
You can view the timeline on two scales: linear or logarithmic (log).
The following image shows the search results for all events in the second quarter on a linear scale.
The following image shows the same search results for all events in the second quarter on a log scale.
Zoom in and zoom out to investigate events
Click and drag your mouse over a cluster of bars in the timeline.
- Your search results update to display only the events that occurred in that selected time range.
- If you click zoom in, the timeline updates to display only the span of events that you selected.
Click on one bar in the timeline.
- Your search results update to display only the events that occur at that selected point.
- Once again, if you click zoom in, the timeline updates to display only the events in that selected point.
If you want to select all the the bars in the timeline (undo your previous selection) click select all. This option is only available after you've selected one or more bars and before you selected either zoom in or zoom out.
This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.