topic Re: Plotting three fields on timechart in Splunk Search

Plotting three fields on timechart

ChhayaV — Mon, 28 Sep 2020 14:50:53 GMT

hi,
hi,

How can i plot value of three fields on timechart

ProcessName duration(Sec) _time

SaveAllData 1.2 2013-09-24T04:57:20.325+0530

SaveAllData 0.02 2013-09-24T02:57:17.680+0530

working_Days_test 0.05 2013-09-23T22:16:57.994+0530

CreateProductsCSV 0.05 2013-09-23T12:08:27.489+0530

i want to see a timechart which shows which process took how many seconds and at what time

Thanks

Re: Plotting three fields on timechart

somesoni2 — Thu, 26 Sep 2013 20:03:26 GMT

Try the below alternative (produces similar results as timechart)

index=myindex sourcetype=processdata |chart max(duration) as duration over _time by ProcessName

Re: Plotting three fields on timechart

ChhayaV — Fri, 27 Sep 2013 03:19:40 GMT

hi i dont want max of duration i want to plot each and every duration

Re: Plotting three fields on timechart

Ayn — Fri, 27 Sep 2013 06:18:17 GMT

If you just want plot values and don't care about limiting datapoints etc, you could just do

... | xyseries _time ProcessName duration

Re: Plotting three fields on timechart

ChhayaV — Mon, 28 Sep 2020 14:51:15 GMT

Hey thanks i wasn't knowing about this command but its not showing anything on chart i can see only names of the processes

this is my search

index=tm_idx host="server" "finished executing normally" | rex field=_raw "(?i)Process\s(\"|\"})(?\w+)" | rex field=_raw "elapsed\stime\s(?\w.\w+)\sseconds" |xyseries _time Processname myduration

basically i want to show number of process running on ther server with the time it took to complete

Re: Plotting three fields on timechart

Ayn — Fri, 27 Sep 2013 07:04:30 GMT

Well, that would be how you would achieve what you want. I just verified this on my own installation here. If that truly is your search, please note that field names are case sensitive, so "Processname" is not the same as "processname".

Re: Plotting three fields on timechart

ChhayaV — Fri, 27 Sep 2013 08:15:42 GMT

my search is running properly its copy paste mistake..i can see the names of the processes as legend but no chart is displayed

Re: Plotting three fields on timechart

sowings — Fri, 27 Sep 2013 12:29:57 GMT

Did you try it?

Depending upon your data, that may show exactly what you're after; you'll only get max (and not each and every duration) if there are multiple durations in the same second.

Re: Plotting three fields on timechart

ChhayaV — Tue, 01 Oct 2013 06:27:13 GMT

xyseries creates problem when i increase my time range as its plotting each n every day

Re: Plotting three fields on timechart

Ayn — Tue, 01 Oct 2013 07:40:07 GMT

Yes, that is expected - that's why you should use timechart, because it automatically keeps the amount of datapoints down for you. But you said you didn't want that, so this is the issue you'll be running into instead.