Splunk Examples: Timecharts

WIP Alert This is a work in progress. Current information is correct but more content may be added in the future.

Custom period

To set a custom step size in timecharts, use span=<period> after timechart:

Example: group by 5-minute buckets, count rows

source="my-service" "some-log-message"
| timechart span=5m count