For example in the below search query, when i try to perform timechart for span=2hrs, why it always takes from 23:00 of previous day ?
Example:
index="index1"
| timechart span=2hr count as "Total"
___________________
_time Total
2019-09-22 23:00 0
2019-09-23 01:00 0
2019-09-23 03:00 36
2019-09-23 05:00 0
2019-09-23 07:00 679
2019-09-23 09:00 782
2019-09-23 11:00 293
2019-09-23 13:00 0
2019-09-23 15:00 0
2019-09-23 17:00 0
2019-09-23 19:00 0
2019-09-23 21:00 0
2019-09-23 23:00 0
In my requirement i need the span should be from 00:00 and not 23:00. Could you please help ?
Thanks!!
↧