topic Re: plot a graph in Splunk Search

plot a graph

srinathd — Thu, 24 Oct 2013 09:40:52 GMT

Hi,

For the following search results i need to ploa a graph with starttime in y-axis and Host in x-axis. How to do this?

Host starttime

Test1 10/24/13 01:44:50
Test2 10/24/13 01:44:47
Test3 10/24/13 01:44:47
Test4 10/24/13 01:45:07

Thanks,
Srinath

Re: plot a graph

alacercogitatus — Thu, 24 Oct 2013 11:29:59 GMT

Depends on what kind of graph. Normally when you graph things, you have a value associated with the data. I would do something like this.

your_search | eval Present = if(isnotnull(starttime),1,0)| timechart span=15m max(Present) by host

So, this is saying if your field "starttime" is not null, it will graph a value of 1. So for any events not having a starttime field, it won't show on the graph, thereby plotting values for distinct hosts. Time will be on the X axis, 1 will be on the Y axis, and the column will be for the host.

Re: plot a graph

srinathd — Fri, 25 Oct 2013 01:51:13 GMT

what exactly i need is..on y-axis last 24 hrs time range and on x-axis Host name, and the starttime values should be plotted against this.

Re: plot a graph

alacercogitatus — Fri, 25 Oct 2013 11:38:31 GMT

you could try: |bin span=15m _time | chart starttime over host by _time

Re: plot a graph

srinathd — Tue, 29 Oct 2013 11:29:10 GMT

it is also not working as expected..Is there any other way to achieve this?

Re: plot a graph

alacercogitatus — Tue, 29 Oct 2013 11:49:30 GMT

We merely strive to give you examples and possible solutions, you may need to play with the search and functions to get exactly what you want. The more data you give us (not just "what you wrote doesn't work"), the better we can help you.

Re: plot a graph

srinathd — Tue, 29 Oct 2013 12:18:55 GMT

i have given all the details.. x-axis values,y-axis values and data values to be plot. just please let me know what data do you need..i will try to give you.

Re: plot a graph

alacercogitatus — Tue, 29 Oct 2013 12:40:18 GMT

how about the output of when you ran the chart search above? or the results of the first search?

Re: plot a graph

srinathd — Thu, 31 Oct 2013 06:15:51 GMT

|bin span=15m _time | chart starttime over host by _time.. this is not working as it is asking (val) to be used in chart command. and in the first results we are getting _time on x-axis and on y-axis 0.25 to 1.25 as range and (host,starttime) as data values. what i am trying to get is host on x-axis and last 24 hrs time range(or starting time of starttime and endtime of starttime as range) and starttime values as data points