Solved: How to plot multiple values on single line chart

shanecifaldi · ‎08-21-2018

Hi All.

I run the below search

sourcetype=dbx3_netapp_vault_utilization

it returns the below: (names redacted)

I need to create a line chart that shows the "name" and "volumeUsed" from 48 hours ago compared to 24 hours ago so we can trend our snapshot size.

horsefez · ‎08-21-2018

Hi @shanecifaldi,

how about something like this.

sourcetype=dbx3...zation earliest=-24h@h latest=@h | timechart span=1h sum(volumeUsed) AS volume_last_24h by name 
| append [search sourcetype=dbx3...zation earliest=-48h@h latest=-24h@h | timechart span=1h sum(volumeUsed) AS volume_last_48h by name]

View solution in original post

horsefez · ‎08-21-2018

Hi @shanecifaldi,

how about something like this.

sourcetype=dbx3...zation earliest=-24h@h latest=@h | timechart span=1h sum(volumeUsed) AS volume_last_24h by name 
| append [search sourcetype=dbx3...zation earliest=-48h@h latest=-24h@h | timechart span=1h sum(volumeUsed) AS volume_last_48h by name]

shanecifaldi · ‎08-22-2018

this works well but there is one issue - for some reason almost 1/2 of the volumes are being grouped as "other".

shanecifaldi · ‎08-22-2018

thanks for your help i figured it out with the limit=0 syntax.

How to plot multiple values on single line chart

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor