Splunk: Timechart

index=_internal | timechart count by x

Issue

Timechart is especially useful when trying to graph data over time. One issue with using Splunk's timechart is that you cannot have multiple by fields.
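A common way around the single by-field limit, shown as an added example that is not from the original article: the first search joins two fields into one with eval and splits the timechart on the result, and the second keeps both fields as separate columns by bucketing _time and using stats, which does accept several by fields. The component and log_level fields of splunkd events, the series field name and the 5-minute span are assumptions chosen for illustration.

```spl
index=_internal sourcetype=splunkd
| eval series=component . ":" . log_level
| timechart span=5m count by series

index=_internal sourcetype=splunkd
| bin _time span=5m
| stats count by _time, component, log_level
```

The first search yields one chart series per component and log_level pair. The second returns a table rather than a chart-ready series, which suits alerting or further filtering.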

This article was updated on January 25, 2020

Nate Crisler

Nate Crisler is a data enthusiast, who by day helps resolve complex issues by aggregating and correlating data, and by night builder of Nutanix and hunter of trolls (the cyber-bullying type). Nutanix NTC 2019 and Splunk advocate for life.