https://community.splunk.com/t5/Splunk-Search/How-do-you-use-multiple-by-fields-with-a-trellis-layout/m-p/415786#M119677 <P>@tgdvopab if your issue is resolved, do go ahead and accept the answer to mark this question as resolved!</P> Mon, 21 Jan 2019 16:01:52 GMT niketn 2019-01-21T16:01:52Z https://community.splunk.com/t5/Splunk-Search/How-do-you-use-multiple-by-fields-with-a-trellis-layout/m-p/415784#M119675 <P>Hi all,</P> <P>I want to get the average from a value, group this by cluster and hostname and show the value in a timechart.</P> <P>With the grid-view, I would like to have one panel for each cluster.</P> <P>For example:</P> <PRE><CODE>index=foo sourcetype=bar | timechart avg(Value) by cluster,hostname </CODE></PRE> <P>And have for each cluster a separate panel.</P> <P>Is this possible? I know that multiple by fields are possible with the stats-command.</P> <P>But, I'm not able to group them with the grid view.</P> <P>Someone can help me please?</P> Mon, 21 Jan 2019 14:51:22 GMT https://community.splunk.com/t5/Splunk-Search/How-do-you-use-multiple-by-fields-with-a-trellis-layout/m-p/415784#M119675 tgdvopab 2019-01-21T14:51:22Z https://community.splunk.com/t5/Splunk-Search/How-do-you-use-multiple-by-fields-with-a-trellis-layout/m-p/415785#M119676 <P>@tgdvopab, what do you imply by Grid View? If you are on Splunk 6.6 or higher, try to feed the output of following query to <A href="https://docs.splunk.com/Documentation/Splunk/latest/Viz/VisualizationTrellis">Trellis Layout</A> and Split by <CODE>Cluster</CODE> as aggregation field.</P> <PRE><CODE> index=foo sourcetype=bar | bin _time span=1h | stats count by cluster,hostname </CODE></PRE> Mon, 21 Jan 2019 15:47:03 GMT https://community.splunk.com/t5/Splunk-Search/How-do-you-use-multiple-by-fields-with-a-trellis-layout/m-p/415785#M119676 niketn 2019-01-21T15:47:03Z https://community.splunk.com/t5/Splunk-Search/How-do-you-use-multiple-by-fields-with-a-trellis-layout/m-p/415786#M119677 <P>@tgdvopab if your issue is resolved, do go ahead and accept the answer to mark this question as resolved!</P> Mon, 21 Jan 2019 16:01:52 GMT https://community.splunk.com/t5/Splunk-Search/How-do-you-use-multiple-by-fields-with-a-trellis-layout/m-p/415786#M119677 niketn 2019-01-21T16:01:52Z https://community.splunk.com/t5/Splunk-Search/How-do-you-use-multiple-by-fields-with-a-trellis-layout/m-p/415787#M119678 <P>Thanks for your answer! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR /> Now I need to have the data from stats in a timechart.<BR /> So I think I need also the _time value in stats, for example: stats count by _time,cluster,hostname<BR /> But this doesn't work. Do you have an idea?</P> Tue, 22 Jan 2019 15:24:40 GMT https://community.splunk.com/t5/Splunk-Search/How-do-you-use-multiple-by-fields-with-a-trellis-layout/m-p/415787#M119678 tgdvopab 2019-01-22T15:24:40Z