It will create a table like this:
Since there are no numbers, this cannot be directly made into an image, but it is still
a very useful representation of the data.
Using timechart to show values over time
timechart lets us show numerical values over time. It is similar to the chart command, except that time is always plotted on the x axis. Here are a couple of things to note:
• The events must have an _time field. If you are simply sending the results of a search to timechart, this will always be true. If you are using interim commands, you will need to be mindful of this requirement.
• Time is always "bucketed", meaning that there is no way to draw a point per event.
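The three searches below are an added example, not part of the original text, illustrating both notes against this section's sample sourcetype. The first sets the bucket size explicitly with span; the second passes through an interim stats that drops _time, so timechart has nothing to plot; the third keeps _time by bucketing with bin before stats. The one-hour span is an arbitrary value chosen for illustration.

```spl
sourcetype="impl_splunk_gen" error | timechart span=1h count

sourcetype="impl_splunk_gen" error | stats count | timechart count

sourcetype="impl_splunk_gen" error | bin _time span=1h | stats count by _time | timechart span=1h sum(count) as count
```

The first and third searches produce the same hourly counts; the second returns no chart because the single row produced by stats carries no _time field.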
Let's see how many errors have been occurring:
sourcetype="impl_splunk_gen" error | timechart count
The default chart will look something like this: