Create time-based charts
This topic discusses using the timechart command to create time-based reports.
The timechart command
The timechart command generates a table of summary statistics. This table can then be formatted as a chart visualization, where your data is plotted against an x-axis that is always a time field. Use the timechart command to display statistical trends over time You can split the data with another field as a separate series in the chart. Timechart visualizations are usually line, area, or column charts.
When you use the
timechart command, the x-axis represents time. The y-axis can be any other field value, count of values, or statistical calculation of a field value.
For more information, see the Data structure requirements for visualizations in the Dashboards and Visualizations manual.
Example 1: This report uses internal Splunk log data to visualize the average indexing thruput (indexing kbps) of Splunk processes over time. The information is separated, or split, by processor:
index=_internal "group=thruput" | timechart avg(instantaneous_eps) by processor
About transforming commands and searches
Create charts that are not (necessarily) time-based
This documentation applies to the following versions of Splunk Cloud™: 7.0.11, 7.0.13, 7.2.4, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 8.0.2001, 8.0.2003, 8.0.2004, 8.0.2006, 8.0.2007, 8.1.2008