https://docs.splunk.com/Documentation/Splunk/8.0.2/SearchReference/Timechart I tried several syntaxes but none is working. they all require aggregate function. My goal is to display a line chart, representing the value of an event field over time. Very simple, I don't need any max/min/sum/count at all. I need the x-axis to be the time span(time range that I passed in as query timespan), every event will be a data point in that chart, y-axis is the value of a field that I choose, for example, fieldA, which is a double value field. how to write my splunk query? search query ...| timechart fieldA? (you don't have to use timechart, any command that can achieve my goal will be accepted)
update: let me try to describe what I wanted using a data generation example: | makeresults count=10 | streamstats count AS rowNumber let's say the time span is last 24 hours, when running above query in splunk, it will generate 10 records data with the same _time field which is @now, and a rowNumber field with values from 1 to 10. what I want to see is a visualization, x-axis starts from (@now-24hours) to @now, and no data points for most of the x-axis, but at last second(the rightmost) I want to see 10 dots, the y-axis values of them is from 1 to 10.
