Solved: Create graphs from a CSV file with time and values

athreyavc · ‎03-28-2014

Hi,

I am vey new to splunk, still exploring the options.

I have a file it is a CSV

03/27/2014 18:01:32, 2.036544
03/27/2014 18:11:32, 1.846386
03/27/2014 18:21:32, 1.911929
03/27/2014 18:31:32, 1.655284
03/27/2014 18:41:32, 9.481447
03/27/2014 18:51:32, 9.385653
03/27/2014 19:01:32, 9.599620
03/27/2014 19:11:37, 2.907257
03/27/2014 19:21:41, 2.192929
03/27/2014 19:31:41, 1.993718

Is it possible to create a graph using the CSV in Splunk?

Best Regards,
A

linu1988 · ‎04-14-2014

| inputlookup master.csv|eval _time=strptime(Time,"%m/%d/%Y %H:%M")|timechart avg(Value) span=5m

View solution in original post

linu1988 · ‎04-14-2014

| inputlookup master.csv|eval _time=strptime(Time,"%m/%d/%Y %H:%M")|timechart avg(Value) span=5m

reswob4 · ‎05-11-2017

I've been looking for something that did what Values did. Thanks.

athreyavc · ‎04-14-2014

thank you for helping me so quickly with this.It was mainly because there was readings which are 0 for some timestamps, corrected that with this.

Graph looks all good.

linu1988 · ‎04-14-2014

it may be missing some timestamp or it may not be able to read the formated csv file.
try the below as well
|timechart Values(Bandwidth) span=5m

athreyavc · ‎04-14-2014

One other issue I observed when I graph it it misses some values, it is becuase of Avg ?

somesoni2 · ‎04-14-2014

Try this:

| inputlookup master.csv | fields Time,bandwidth | convert ctime | eval bw=bandwidth/100| convert timeformat="%m/%d/%Y %H:%M" mktime(Time) as _time | table _time bw

athreyavc · ‎04-14-2014

|inputlookup master.csv|eval _time=strptime(Time,"%m/%d/%Y %H:%M")|timechart avg(Bandwidth) span=5m

Worked like a Charm, awesome!!

somesoni2 · ‎04-14-2014

Where are you using this query to create chart, a dashboard or from Search screen?

athreyavc · ‎04-14-2014

thanks for the reply,

Sorry, it doesn't show the time in the X-axis, Graph is getting created and it is fine too, just want the X axis to show dates.

Thanks again

best Regards,

A

athreyavc · ‎04-14-2014

Hi,

Sorry there was a delay from myside on the update. I got the Graph created.

04/14/2014 08:05,1048576
04/14/2014 08:10,1048576
04/14/2014 08:15,908112
04/14/2014 08:20,873912
04/14/2014 08:25,1048576
04/14/2014 08:30,1048576

| inputlookup master.csv | fields Time,bandwidth | eval bw=bandwidth/100 | table Time bw,

however the X-Axis is not showing the times.

I am not sure how to use the timechart for this.

Please help.

Best Regards,

A

somesoni2 · ‎03-28-2014

All these activities you can do from Splunk Web UI.
Create lookup
http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Usefieldlookupstoaddinformationtoyourev...
Index data
http://docs.splunk.com/Documentation/Splunk/latest/Data/UseSplunkWeb
Search manual
http://docs.splunk.com/Documentation/Splunk/latest/Search/Whatsinthismanual

athreyavc · ‎03-28-2014

Hi Thanks for the comment.

Should I run it from the command line?

somesoni2 · ‎03-28-2014

You can add your csv file as lookup input file OR import to Splunk (with necessary field extraction configuration). Once data is in splunk, your can create charts as per your requirement.
if lookup
|inputlookup yourCsvFileName.csv | stats max(Value) by Timestamp
if imported to index
index=yourIndex source=*yourCsvFileName.csv | stats max(Value) by Timestamp

Create graphs from a CSV file with time and values

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!