The Dashboard Gallery • Room 2

🖥️ SPL Lab: Timechart

Create your own timechart search! You want to visualize how the number of error events changes over time in the web_logs index.

The timechart command automatically splits data into time buckets and works just like stats, but with time on the x-axis.

Timechart Syntax
index=<name> | timechart <function>(<field>) by <split_field>
For counting events, you can use timechart count — no field argument needed.
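
The bucketing described above, modeled in Python as an added example (not part of the lab and not Splunk's implementation). It mimics `timechart span=60s count by <split_field>` over constructed events; the `level` field, the timestamps and the function name `timechart_count` are assumptions made for illustration.

```python
from collections import Counter, defaultdict

BASE = 1_700_000_040  # constructed epoch time, chosen as a multiple of 60

# Constructed sample events (not from the lab). _time is epoch seconds,
# "level" is a hypothetical split field.
EVENTS = [
    {"_time": BASE + 5,   "level": "error"},
    {"_time": BASE + 30,  "level": "info"},
    {"_time": BASE + 59,  "level": "error"},
    {"_time": BASE + 125, "level": "error"},  # lands two buckets later
    {"_time": BASE + 170, "level": "info"},
]

def timechart_count(events, span, by):
    """Model of `timechart span=<span>s count by <by>`.

    Returns one row per time bucket, oldest first, as
    (bucket_start, {split_value: count}). Buckets with no events are
    still emitted with zero counts so the x-axis stays continuous.
    """
    if not events:
        return []
    counts = defaultdict(Counter)
    for ev in events:
        bucket = ev["_time"] - ev["_time"] % span  # floor to bucket start
        counts[bucket][ev[by]] += 1
    series = sorted({ev[by] for ev in events})      # one column per value
    first, last = min(counts), max(counts)
    rows = []
    for start in range(first, last + span, span):
        rows.append((start, {s: counts[start][s] for s in series}))
    return rows

if __name__ == "__main__":
    for start, row in timechart_count(EVENTS, span=60, by="level"):
        print(start, row)
```

The middle bucket has no events and still appears as a row of zeros, which is why a gap in logging shows up on the chart as a dip rather than a missing point.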

Knowledge Check

Prove your understanding to clear the room (Rewards XP)
Write a timechart that counts error events over time in the web_logs index.