Archive

Time chart of a field

naomibn
Explorer

Hello experts,
I am a novice and would need some help with my below requirement. My search return some thing like below. Now, I need to plot a graph where I can show the difference value in a line chart for every 4 hours.

Max MIn Difference
1000 700 300
Kindly assist

Thanks,
Naomi

Tags (1)
0 Karma
1 Solution

knielsen
Contributor

Sounds like a simple timechart to me. So something like:

index=prod_app source="/app/sample.txt" | timechart span=4h eval(max(Records)-min(Records)) as dailydiff

Hth,
Kai.

View solution in original post

0 Karma

knielsen
Contributor

Sounds like a simple timechart to me. So something like:

index=prod_app source="/app/sample.txt" | timechart span=4h eval(max(Records)-min(Records)) as dailydiff

Hth,
Kai.

View solution in original post

0 Karma

naomibn
Explorer

Thanks for the message

0 Karma

naomibn
Explorer

My query is like this

index=prod_app source="/app/sample.txt" | bucket Time span=1h | stats max(Records) as dailymax, min(Records) as dailymin | eval dailydiff = dailymax - dailymin

0 Karma