For example in the below search, when I try to perform timechart for span=2hrs, why it always takes from 23:00 of the previous day?
Example:
index="index1"
| timechart span=2hr count as "Total"
___________________
**_time Total
2019-09-22 23:00 0
2019-09-23 01:00 0
2019-09-23 03:00 36
2019-09-23 05:00 0
2019-09-23 07:00 679
2019-09-23 09:00 782
2019-09-23 11:00 293
2019-09-23 13:00 0
2019-09-23 15:00 0
2019-09-23 17:00 0
2019-09-23 19:00 0
2019-09-23 21:00 0
2019-09-23 23:00 0**
___________________
In my requirement, I need the span should be from 00:00 and not 23:00. Could you please help?
Thanks!!
↧