Timecluster Command
Use this command to group the time-series charts together based on how similar they are to one another.
Syntax
timecluster [<timecluster_options>] <stats_function> (<field_name>) [as new_field_name] [, <stats_function> (<field_name>) [as new_field_name]]* by <field_name> [, <field_name>]*
Parameters
The following table lists the parameters used with this command, along with their descriptions.
Parameter | Description |
---|---|
|
Use this parameter to set the size of each bucket,
using a span length based on time. Permitted values for this
parameter must follow the format
|
|
Use this parameter to specify the time for sizing
the buckets. Permitted values for this parameter must be either
Syntax for the permitted values:
|
|
The field must have a timestamp value. If not,
|
|
Use this parameter to specify the number of values to return for each function. |
|
Use this parameter to specify the name to display for the chart. |
Cluster time-series pattern by entity:
* | link Entity | stats sum('Content Size') as 'Content Size' | timecluster avg('Content Size') by Entity