Solved: Help how to create bar chart from two different so...

dhavamanis · ‎10-30-2014

Need a help.

Can you please provide the sample query to draw the bar chart (stacked bar chart) with the below info. We have the two sources and index="idxstaging"

/var/log/idx/dispacher.log
column:
transactionid
workertime (number)
database_time (number)
/var/log/idx/api.log

Column:
transactionid
apiresponse_time (number)

how can i build a bar chart based on transactionid from the above column. We want to show the each transaction how long time its spent for workertime, databasetime and apiresponse_time.

martin_mueller · ‎10-30-2014

Try this:

index=idxstaging (source=/var/log/idx/dispacher.log OR source=/var/log/idx/api.log) | chart sum(worker_time) sum(database_time) sum(api_response_time) by transaction_id

Configure the chart to bar and stacked through the UI.

View solution in original post

martin_mueller · ‎10-30-2014

Try this:

index=idxstaging (source=/var/log/idx/dispacher.log OR source=/var/log/idx/api.log) | chart sum(worker_time) sum(database_time) sum(api_response_time) by transaction_id

Configure the chart to bar and stacked through the UI.

View solution in original post

martin_mueller · ‎10-30-2014

I'm pretty sure that order is based on the column names alphabetically, so name them in a way that suits your ordering needs.

dhavamanis · ‎10-30-2014

Thank you, is it possible to show in this order from the bottom, apiresponsetime, workertime and databasetime (o top). because the database values are very less and not showing any results.

martin_mueller · ‎10-30-2014

Append this to your search:

... | addtotals | sort - Total | fields - Total

dhavamanis · ‎10-30-2014

It works, Thank you so much, how can i order the results based value in the chart. like highest value on top and lowest value to bottom.

Help how to create bar chart from two different source?