Create time-based charts
This topic discusses using the timechart command to create time-based reports.
The timechart command
The timechart command generates a table of summary statistics. This table can then be formatted as a chart visualization, where your data is plotted against an x-axis that is always a time field. Use the timechart command to display statistical trends over time You can split the data with another field as a separate series in the chart. Timechart visualizations are usually line, area, or column charts.
When you use the timechart command, the x-axis represents time. The y-axis can be any other field value, count of values, or statistical calculation of a field value.
For more information, see the Data structure requirements for visualizations in the Dashboards and Visualizations manual.
Examples
Example 1: This report uses internal Splunk log data to visualize the average indexing thruput (indexing kbps) of Splunk processes over time. The information is separated, or split, by processor:
index=_internal "group=thruput" | timechart avg(instantaneous_eps) by processor
See also
| About transforming commands and searches | Create charts that are not (necessarily) time-based |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408
Download manual
Feedback submitted, thanks!