Consider the following search run over a time range of last 7 days:
index=web sourcetype=access_combined | timechart avg(bytes) by product_name
Which option is used to change the default time span so that results are grouped into 12 hour intervals?
Consider the following search run over a time range of last 7 days:
index=web sourcetype=access_combined | timechart avg(bytes) by product_name
Which option is used to change the default time span so that results are grouped into 12 hour intervals?
To change the default time span in a Splunk 'timechart' command so that results are grouped into 12-hour intervals, you use the 'span' argument. The correct syntax for specifying a 12-hour interval is 'span=12h'. This tells the 'timechart' command to aggregate the data in 12-hour bins. Therefore, the appropriate option is 'span=12h'.
Timechart requires the argument `span`, not `timespan`. As well, you must specify the unit of time (example 3h or 5m) with this argument so the only option is `span=12h`. https://docs.splunk.com/Documentation/SCS/current/SearchReference/TimechartCommandExamples
there is nothing in the link. Are you sure the answer is span=12h ? I passed the exam and I clicked the timespan=12h
correcting my typo >> I clicked the timespan=12
I can’t find a reference about timespan on Timechart documentation.
https://docs.splunk.com/Documentation/Splunk/9.0.4/SearchReference I guess he sent a wrong one to you. But the result should be “span =12h”. The syntax of bin options should be [span=<log-span>|span=<span-length>|span=<snap-to-time>]. And congratulations you passed the examination. https://docs.splunk.com/Documentation/Splunk/9.0.4/SearchReference/Timechart#Span_options/Timechart#Span_options
Answer is B. Argument is span. Tested live.
span is correct. Who selects the answers here? Many answers are wrong.
I agree with B you will use Span not Timespan!
span=12h
As many have already voted, plus Enterprise updated reference https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Timechart More specifically #Span_options "timespan" does not exist and "Timescale unit[s]" is required.