Create time-based charts

This topic discusses using the timechart command to create time-based reports.

The timechart command

The timechart command generates a table of summary statistics. This table can then be formatted as a chart visualization, where your data is plotted against an x-axis that is always a time field. Use the timechart command to display statistical trends over time. You can split the data by another field so that each value of that field appears as a separate series in the chart. Timechart visualizations are usually line, area, or column charts.

When you use the timechart command, the x-axis represents time. The y-axis can be any other field value, count of values, or statistical calculation of a field value.

For more information, see the Data structure requirements for visualizations in the Dashboards and Visualizations manual.


Example 1: This report uses internal Splunk log data to visualize the average indexing throughput (indexing kbps) of Splunk processes over time. The information is separated, or split, by processor:

index=_internal "group=thruput" | timechart avg(instantaneous_eps) by processor
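
To make the shape of that result concrete, the following added example (not Splunk code and not part of the original topic) emulates in Python what a timechart avg(...) by <field> search returns: one row per time bucket, a _time column first, and one column per split-by value. The sample events, the 60-second span, and the function name timechart_avg are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events (not real Splunk data):
# (ISO timestamp in UTC, processor, instantaneous_eps)
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:05", "indexerpipe", 10.0),
    ("2024-01-01T10:00:40", "indexerpipe", 20.0),
    ("2024-01-01T10:00:50", "typing", 4.0),
    ("2024-01-01T10:01:10", "indexerpipe", 30.0),
    ("2024-01-01T10:02:30", "typing", 8.0),
]


def timechart_avg(events, span_seconds=60):
    """Hypothetical helper: bucket events by time, average the value per
    split-by series, and return (columns, rows) as a summary table."""
    sums = defaultdict(lambda: [0.0, 0])  # (bucket, series) -> [sum, count]
    series = set()
    for ts, split, value in events:
        when = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
        epoch = int(when.timestamp())
        bucket = epoch - epoch % span_seconds  # snap to the start of the span
        acc = sums[(bucket, split)]
        acc[0] += value
        acc[1] += 1
        series.add(split)

    columns = ["_time"] + sorted(series)  # time is always the first column
    if not sums:
        return columns, []

    buckets = {b for b, _ in sums}
    rows = []
    # Emit every bucket from first to last so the time axis has no gaps;
    # a series with no events in a bucket gets None (an empty cell).
    for bucket in range(min(buckets), max(buckets) + 1, span_seconds):
        label = datetime.fromtimestamp(bucket, timezone.utc).strftime("%H:%M:%S")
        row = [label]
        for name in columns[1:]:
            total, count = sums.get((bucket, name), (0.0, 0))
            row.append(total / count if count else None)
        rows.append(row)
    return columns, rows


if __name__ == "__main__":
    cols, table = timechart_avg(SAMPLE_EVENTS)
    print(cols)
    for r in table:
        print(r)
```

Each row corresponds to one point on the x-axis, and each column after _time is drawn as its own series in the chart.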

