Solved: How to plot multiple values on single line chart

shanecifaldi · ‎08-21-2018

Hi All.

I run the below search

sourcetype=dbx3_netapp_vault_utilization

it returns the below: (names redacted)

I need to create a line chart that shows the "name" and "volumeUsed" from 48 hours ago compared to 24 hours ago so we can trend our snapshot size.

pyro_wood · ‎08-21-2018

Hi @shanecifaldi,

how about something like this.

sourcetype=dbx3...zation earliest=-24h@h latest=@h | timechart span=1h sum(volumeUsed) AS volume_last_24h by name 
| append [search sourcetype=dbx3...zation earliest=-48h@h latest=-24h@h | timechart span=1h sum(volumeUsed) AS volume_last_48h by name]

View solution in original post

pyro_wood · ‎08-21-2018

Hi @shanecifaldi,

how about something like this.

sourcetype=dbx3...zation earliest=-24h@h latest=@h | timechart span=1h sum(volumeUsed) AS volume_last_24h by name 
| append [search sourcetype=dbx3...zation earliest=-48h@h latest=-24h@h | timechart span=1h sum(volumeUsed) AS volume_last_48h by name]

View solution in original post

shanecifaldi · ‎08-22-2018

this works well but there is one issue - for some reason almost 1/2 of the volumes are being grouped as "other".

shanecifaldi · ‎08-22-2018

thanks for your help i figured it out with the limit=0 syntax.

How to plot multiple values on single line chart

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes and swag!

Sign up now >