From the course: Practical Splunk: Build Data Intelligence through SPL, Reports, and Dashboards
Join today to access over 25,400 courses taught by industry experts.
The timechart command - Splunk Tutorial
From the course: Practical Splunk: Build Data Intelligence through SPL, Reports, and Dashboards
The timechart command
- Before we dive into time chart command, let's take a look at the chart command. As we'll see, time chart command is basically a variant of chart command. The chart command is a very useful transforming command that orders results in a data table. It's very similar to tags in this respect. But what is different in chart command is it can accept only maximum of two split by classes. And this is a key difference between chart and stats. Stats can accept any number of split by classes. It's extremely powerful in that manner, but chart can accept only two split by classes. The first split by class becomes the first column, with the values of that field representing the labels. Each column represents a distinct value of the second split by class. This is where stats and chart varies. So chart is suitable for plotting certain types of visualization in a data table or a pie chart, for example, because it accepts only two split by classes. The first class forming the x-axis, and the second…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.