
Creating a line graph that displays raw array by index

erez10121012
Path Finder

Hi,
After writing this in the search:
source="tcp:514" sourcetype="syslog" | chart values(_raw)
I see the results:
values(_raw)
10,20,30,40

How can I display a chart where the x-axis is a simple running index (1,2,3,4,5...)
and the y-axis is the 10,20,30,40 values?

Right now I can only succeed in charting one value by time.
Thanks


erez10121012
Path Finder

OK, I found a solution:
I use mvexpand to split the value into events, then rename time as serial.
The plot has the serial number on the x-axis.

source="tcp:514"
| streamstats values(_raw) as value
| makemv value
| mvexpand value
| streamstats count AS _time
| rename _time AS serial
| table serial value | head 2001

I have more questions, but I'll save them for another post.
Thanks

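The same plot-by-position approach, as an added example that is not part of the original post: it swaps the live source="tcp:514" input for two constructed events from makeresults so it runs in any search bar, and splits on the comma with split() rather than makemv. The packet field and the second sample array 50,60,70 are assumptions made for the illustration.

```spl
| makeresults count=2
| streamstats count AS packet
| eval _raw=if(packet=1, "10,20,30,40", "50,60,70")
| eval value=split(_raw, ",")
| mvexpand value
| eval value=tonumber(value)
| streamstats count AS serial
| table serial value
```

Shown as a line chart, serial (1 to 7) is the x-axis and value is the y-axis. The numbering continues across the two events because the second streamstats counts rows after mvexpand.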

erez10121012
Path Finder

Yes.
I receive raw data in the form of an array: 10,20,30,40
I want to plot it like a graph (in this case the result is a linear line):
y - 10,20,30,40
x - 1, 2, 3, 4
For example:
if I receive them one by one (separate TCP packets): 10, then 20, then 30, I can plot it by _time.

Here I want to plot it by an index that I need to create in Splunk.


erez10121012
Path Finder

Hi,
Thanks for the answer.
I think the results are good; I want to see a linear line:
x=1,2,3,4,5......
y=10,20,30,40
Please see the picture.
