a very simple query with two data

rpachecoa — Mon, 24 Aug 2020 04:13:29 GMT

hello Guys,

I'm very very noob using Splunk, I have a very simple log file which contains 5 columns of data:

bloque1 | 2020-04-01| 05:39:35.407 | 09:14:34.398 | 03:34:58.991
bloque1 | 2020-04-02| 03:50:29.469 | 07:26:32.869 | 03:36:03.4
bloque1 | 2020-04-03| 04:09:47.659 | 08:05:38.248 | 03:55:50.589
bloque1 | 2020-04-04| 04:49:51.142 | 08:37:40.141 | 03:47:48.999
bloque1 | 2020-04-05| 05:27:43.616 | 09:06:23.898 | 03:38:40.282
bloque1 | 2020-04-06| 06:51:08.264 | 10:27:12.113 | 03:36:03.849
bloque1 | 2020-04-07| 04:05:32.292 | 07:54:32.055 | 03:48:59.763

etc, I am trying to graph the second field with the last field.

The second field is the day of execution of a process and the last field is the average execution time of that process. I just want a graph that places the value of the execution date on "x" axis and the average time per day on the "y" Axis.

But I only get a straight line graph with the event count per day.

Could you help me with the query or the necessary steps to be able to obtain the graph I want. I greatly appreciate the support and your comments.

Re: a very simple query with two data

Nisha18789 — Mon, 24 Aug 2020 05:43:48 GMT

Hi @rpachecoa , assuming execution date field name as execution_date and avg execution time as avg_exec_time and process name as process

......| chart values(avg_exec_time) by process over execution_date

please upvote if it helps!

topic Re: a very simple query with two data in Splunk Search

a very simple query with two data

Re: a very simple query with two data