https://community.splunk.com/t5/Splunk-Search/One-search-to-create-multiple-line-chart/m-p/66470#M16534 <P>Assuming that you have the fields already extracted, this is one way of doing it. In this case we're charting by <CODE>_time</CODE>, which along with <CODE>first()</CODE> will work more as a plotting command than an aggregation command, given that there is only one event per <CODE>_time</CODE>. </P> <PRE><CODE>your_base_search | chart first(visibility) first(dewPoint) first(temperature) first(ozone) by _time </CODE></PRE> <P>You can also use <CODE>timechart span=xxx stats_command(field) stats_command(field)</CODE></P> <P><A href="http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/CommonStatsFunctions">http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/CommonStatsFunctions</A></P> <P>Hope this helps,</P> <P>Kristian</P> Tue, 18 Jun 2013 08:05:15 GMT kristian_kolb 2013-06-18T08:05:15Z https://community.splunk.com/t5/Splunk-Search/One-search-to-create-multiple-line-chart/m-p/66469#M16533 <P>Is there any way that we can use a search to create multiple line chart? against the time? I set an interval on 300 seconds and against time, what is the best search commands that we can use ?</P> <P>time : 1371459878<BR /> visibility : 1.73<BR /> windBearing : 197<BR /> windSpeed : 8.97<BR /> cloudCover : 0.97<BR /> dewPoint : 70.9<BR /> humidity : 0.55<BR /> icon : cloudy<BR /> ozone : 264.25<BR /> precipIntensity : 0<BR /> pressure : 1004.23<BR /> summary : Overcast<BR /> temperature : 90.46</P> Tue, 18 Jun 2013 06:27:45 GMT https://community.splunk.com/t5/Splunk-Search/One-search-to-create-multiple-line-chart/m-p/66469#M16533 sbnoobbb 2013-06-18T06:27:45Z https://community.splunk.com/t5/Splunk-Search/One-search-to-create-multiple-line-chart/m-p/66470#M16534 <P>Assuming that you have the fields already extracted, this is one way of doing it. In this case we're charting by <CODE>_time</CODE>, which along with <CODE>first()</CODE> will work more as a plotting command than an aggregation command, given that there is only one event per <CODE>_time</CODE>. </P> <PRE><CODE>your_base_search | chart first(visibility) first(dewPoint) first(temperature) first(ozone) by _time </CODE></PRE> <P>You can also use <CODE>timechart span=xxx stats_command(field) stats_command(field)</CODE></P> <P><A href="http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/CommonStatsFunctions">http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/CommonStatsFunctions</A></P> <P>Hope this helps,</P> <P>Kristian</P> Tue, 18 Jun 2013 08:05:15 GMT https://community.splunk.com/t5/Splunk-Search/One-search-to-create-multiple-line-chart/m-p/66470#M16534 kristian_kolb 2013-06-18T08:05:15Z https://community.splunk.com/t5/Splunk-Search/One-search-to-create-multiple-line-chart/m-p/66471#M16535 <P>Given search below, do you have any guidance to improve my search ?</P> <P>sourcetype="NYPWeatherForecastCurrently" | chart first(current_temperature) max(current_temperature) avg(current_temperature) min(current_temperature) first(current_psi) first(current_humidity) first(current_dewpoint) first(current_visibility) first(current_windSpeed) by _time</P> <P>time : 1371697655<BR /> visibility : 0.3<BR /> windBearing : 247<BR /> windSpeed : 7.16<BR /> psiAverage : 162<BR /> cloudCover : 0.38<BR /> dewPoint : 72.24<BR /> humidity : 0.57<BR /> icon : fog<BR /> ozone : 268.3<BR /> precipIntensity : 0<BR /> pressure : 1007.63<BR /> summary : Foggy<BR /> temperature : 89.95</P> Mon, 28 Sep 2020 14:08:11 GMT https://community.splunk.com/t5/Splunk-Search/One-search-to-create-multiple-line-chart/m-p/66471#M16535 sbnoobbb 2020-09-28T14:08:11Z https://community.splunk.com/t5/Splunk-Search/One-search-to-create-multiple-line-chart/m-p/66472#M16536 <P>if you want to use min/max/avg you might want to <CODE>bucket</CODE> <CODE>_time</CODE>, or use the <CODE>timechart</CODE>. Otherwise the values will be the same (guessing you have one event per _time).</P> <P>Use <CODE>timechart span=XXX max(Y) avg(Y) min(Y) max(Z) avg(Z)</CODE> etc, where the span is long enough to ensure that several events get included in the time-slot.</P> Thu, 20 Jun 2013 07:40:14 GMT https://community.splunk.com/t5/Splunk-Search/One-search-to-create-multiple-line-chart/m-p/66472#M16536 kristian_kolb 2013-06-20T07:40:14Z https://community.splunk.com/t5/Splunk-Search/One-search-to-create-multiple-line-chart/m-p/66473#M16537 <P>Thanks !!!</P> Tue, 25 Jun 2013 08:06:57 GMT https://community.splunk.com/t5/Splunk-Search/One-search-to-create-multiple-line-chart/m-p/66473#M16537 sbnoobbb 2013-06-25T08:06:57Z