Archive
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question
Solved! Jump to solution

How to timechart multiple functions in one search?

naty
Path Finder
โ€Ž01-18-2017 06:55 AM

Hi,

i want to do a timechart with multiple functions, for example - timechart span=1h max(blabla) by boo1 avg(blabla) by boo1

this is my search:

index=myind source=mysrc | timechart span=1h avg(CPU_USAGE) by Process_Name

CPU_USAGE and Process_Name are made up, just so i can show the split-by clause.

what i would like to do is something like this:
index=myind source=mysrc | timechart span=1h avg(CPU_USAGE) by Process_Name, max(CPU_USAGE) by Process_Name

so the idea is to show on the same panel both the average & the maximum of the CPU_USAGE for each process name.
because there can only be one split-by clause, the above search won't help.

i tried using this:
index=myind source=mysrc | timechart span=1h avg(CPU_USAGE) by Process_Name | appendcols [search index=myind source=mysrc | timechart span=1h max(CPU_USAGE) by Process_Name]

but that's a heavy search that is not really good, i am doing twice the search for the same data ๐Ÿ˜ž

help!

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

andrey2007
Contributor
โ€Ž01-18-2017 08:32 AM

index=myind source=mysrc | timechart span=1h avg(CPU_USAGE) max(CPU_USAGE) by Process_Name

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

andrey2007
Contributor
โ€Ž01-18-2017 08:32 AM

index=myind source=mysrc | timechart span=1h avg(CPU_USAGE) max(CPU_USAGE) by Process_Name

View solution in original post

0 Karma
Reply
Solved! Jump to solution

naty
Path Finder
โ€Ž01-21-2017 10:41 PM

great!
Thank you!

0 Karma
Reply