Create Timechart Widget for All Events
Query
timeChart(span=1h, function=count())
Introduction
The time chart widget is the most commonly used widget in
LogScale. It displays bucketed time series data on a timeline. The
timeChart()
function is used to create
timechart widgets, in this example a timechart that shows the
number of events per hour over the last 24 hours. We do this by
selecting to search over the last 24 hours in the time selector in
the UI, and then we tell the function to make each time bucket one
hour long (withspan=1hour
).
Step-by-Step
Starting with the source repository events.
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0{{Aggregate}} result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
timeChart(span=1h, function=count())
Creates 24 time buckets when we search over the last 24 hours, and all searched events get sorted into groups depending on the bucket they belong to (based on their @timestamp value). When all events have been divided up by time, the
count()
function is run on each group, giving us the number of events per hour. Event Result set.
Summary and Results
The query is used to create timechart widgets showing number of events per hour over the last 24 hours. The timechart shows one group of events per time bucket. When viewing and hovering over the buckets within the time chart, the display will show the precise value and time for the displayed bucket, with the time showing the point where the bucket starts.