Solved: Re: Time chart of a field

naomibn · ‎05-07-2018

Hello experts,
I am a novice and would need some help with my below requirement. My search return some thing like below. Now, I need to plot a graph where I can show the difference value in a line chart for every 4 hours.

Max MIn Difference
1000 700 300
Kindly assist

Thanks,
Naomi

knielsen · ‎05-08-2018

Sounds like a simple timechart to me. So something like:

index=prod_app source="/app/sample.txt" | timechart span=4h eval(max(Records)-min(Records)) as dailydiff

Hth,
Kai.

View solution in original post

knielsen · ‎05-08-2018

Sounds like a simple timechart to me. So something like:

index=prod_app source="/app/sample.txt" | timechart span=4h eval(max(Records)-min(Records)) as dailydiff

Hth,
Kai.

naomibn · ‎07-26-2018

Thanks for the message

naomibn · ‎05-07-2018

My query is like this

index=prod_app source="/app/sample.txt" | bucket Time span=1h | stats max(Records) as dailymax, min(Records) as dailymin | eval dailydiff = dailymax - dailymin

Time chart of a field

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!