https://community.splunk.com/t5/Splunk-Search/How-to-create-chart-from-2-different-fields/m-p/443387#M125802 <P>Hi. I have a table with 3 columns. A B C. A=time, B=run, C=wait<BR /> Explenation of the table: the process runs from A2 (11.03.2015 14:54:32) and the status run=1. The status wait=0. The process ends at 11.03.2015 14:56:28 and the status run=0 and status wait=1. The run process takes 116s. The wait process takes 42s. The whole sequence repeats. Only delta of the time values differs.</P> <PRE><CODE>time run wait 11.03.2015 14:54:32 1 0 11.03.2015 14:56:28 0 1 11.03.2015 14:57:10 1 0 11.03.2015 14:59:06 0 1 11.03.2015 14:59:58 1 0 11.03.2015 15:01:57 0 1 11.03.2015 15:02:15 1 0 </CODE></PRE> <P>How can I build such a chart, which will have: <BR /> x-axis: column A (time) from the table<BR /> y-axis: boolean 0 or 1.<BR /> and columns B and C will be displayed in time (column chart). The width of each run or wait column should depends on, how many seconds take the run or wait process. There should be no blank space between the columns in the chart, because the whole process (run wait run wait ...) is fowing continuously.<BR /> Can anybody have any idea, how to fix it, please?</P> Thu, 27 Jun 2019 07:10:50 GMT spisiakmi 2019-06-27T07:10:50Z https://community.splunk.com/t5/Splunk-Search/How-to-create-chart-from-2-different-fields/m-p/443387#M125802 <P>Hi. I have a table with 3 columns. A B C. A=time, B=run, C=wait<BR /> Explenation of the table: the process runs from A2 (11.03.2015 14:54:32) and the status run=1. The status wait=0. The process ends at 11.03.2015 14:56:28 and the status run=0 and status wait=1. The run process takes 116s. The wait process takes 42s. The whole sequence repeats. Only delta of the time values differs.</P> <PRE><CODE>time run wait 11.03.2015 14:54:32 1 0 11.03.2015 14:56:28 0 1 11.03.2015 14:57:10 1 0 11.03.2015 14:59:06 0 1 11.03.2015 14:59:58 1 0 11.03.2015 15:01:57 0 1 11.03.2015 15:02:15 1 0 </CODE></PRE> <P>How can I build such a chart, which will have: <BR /> x-axis: column A (time) from the table<BR /> y-axis: boolean 0 or 1.<BR /> and columns B and C will be displayed in time (column chart). The width of each run or wait column should depends on, how many seconds take the run or wait process. There should be no blank space between the columns in the chart, because the whole process (run wait run wait ...) is fowing continuously.<BR /> Can anybody have any idea, how to fix it, please?</P> Thu, 27 Jun 2019 07:10:50 GMT https://community.splunk.com/t5/Splunk-Search/How-to-create-chart-from-2-different-fields/m-p/443387#M125802 spisiakmi 2019-06-27T07:10:50Z https://community.splunk.com/t5/Splunk-Search/How-to-create-chart-from-2-different-fields/m-p/443388#M125803 <P>Does something like this do what you want?:</P> <PRE><CODE>&lt;your search&gt; | timechart values(run) as x1, values(wait) as x2 span=1s | filldown x1, x2 </CODE></PRE> Sun, 30 Jun 2019 21:47:33 GMT https://community.splunk.com/t5/Splunk-Search/How-to-create-chart-from-2-different-fields/m-p/443388#M125803 cpetterborg 2019-06-30T21:47:33Z https://community.splunk.com/t5/Splunk-Search/How-to-create-chart-from-2-different-fields/m-p/443389#M125804 <P>Hi, yes, you are right. It is working. In fact, before that, I need to adjust the _time like this:<BR /> | eval NewTime=strptime(time,"%d.%m.%Y %H:%M:%S") <BR /> | eval _time=NewTime<BR /> | timechart values(run) as x1, values(wait) as x2 span=1s <BR /> | filldown x1, x2</P> <P>thank you very much</P> Mon, 01 Jul 2019 06:25:17 GMT https://community.splunk.com/t5/Splunk-Search/How-to-create-chart-from-2-different-fields/m-p/443389#M125804 spisiakmi 2019-07-01T06:25:17Z