Depending on the time range or time span selected.
You can always leverage the timechart command and its functions to better provide and identify more contexts to discrete data. As in the example below, with the timechart command, you will bucket the events first into 5-minute interval. This is well specified by the span parameter.
Index=main sourcetype=access_combined |eval kb=bytes/1024 | timechart span=5m