Create time-based charts
This topic discusses using the timechart command to create time-based reports.
The timechart command
The timechart command generates a table of summary statistics. This table can then be formatted as a chart visualization, where your data is plotted against an x-axis that is always a time field. Use the timechart command to display statistical trends over time You can split the data with another field as a separate series in the chart. Timechart visualizations are usually line, area, or column charts.
When you use the
timechart command, the x-axis represents time. The y-axis can be any other field value, count of values, or statistical calculation of a field value.
For more information, see the Data structure requirements for visualizations in the Dashboards and Visualizations manual.
Example 1: This report uses internal Splunk log data to visualize the average indexing thruput (indexing kbps) of Splunk processes over time. The information is separated, or split, by processor:
index=_internal "group=thruput" | timechart avg(instantaneous_eps) by processor
About transforming commands and searches
Create charts that are not (necessarily) time-based
This documentation applies to the following versions of Splunk Cloud Platform™: 8.1.2103, 8.2.2106, 8.2.2107, 8.2.2105, 8.2.2109, 8.2.2111, 8.2.2112, 8.2.2201 (latest FedRAMP release), 8.2.2202, 8.2.2203