In some requests or in some dashboards, you want to have a timechart to visualize (for example) how much calls you receive for an operation.

So here are 2 tips which can help you to work with!

Span

By default, the timechart will group the data with a span depending of the time period you choose. But maybe you want to fix this span a particular value.
So here is the parameter

timechart span=[time] ...
Where time is a number associated with a letter to define the time span.

Letters available

• s - second
• m - minute
• h - hour
• d - day
• w - week

Examples

# 1 hour span
index=application_a | timechart span=1h count by name

# 10 seconds span
index=application_b | timechart span=10s count by title

Thing to avoid

When you are using the timechart, avoid to have a "sort" in it. It won't be useful and it can alter your result.

In a larger way, be sure to remove all the treatments which are not useful for your request. It will take more time for your request to be executed and as said, you can retrieve a false result.

I hope it will help you! 🍺