hi
after writ in the search "source="tcp:514" sourcetype="syslog" | chart values(_raw)" i see the results:
values(_raw)
10,20,30,40
how i can displays chart thet x-axis is simple runnung index (1,2,3,4,5...)
and y-axis is the 10,20,30,40 values.?
now i can only seccuss to chart one value by time.
thanks
ok i find solution:
i use mvexpand to split the value into event, then rename time as serial
the plot is serial number in x
source="tcp:514"
| streamstats values(_raw) as value
| makemv value
| mvexpand value
| streamstats count AS _time
| rename _time AS serial
i have more question bus i save it to another post
thanks
| table serial value | head 2001
yes
i receive raw data in form of array: 10,20,30,40
i want to plot it like graph(in this case the results are linear line)
y-10,20,30,40
x-1, 2, 3, 4
for example:
if i rechive one by one( seperate TCP packege ) : 10 then 20 then 30 in , i can plot it by _time.
here i want to plot it by index that i need to create in splunk.