How to plot a graph based on a field's value again...

siddhantkumar08 · ‎02-15-2022

I have a field whose value ranges from 0 to 20. I want to plot the graph to find the range of values being hit for the field every day.

I tried using timechart but instead of it giving me ranges per day it starts building out graphs per value, like value 1 occurred on day1 ,day 2, day 4. I need it to tell me what all values occurred on a particular day rather than what days have those values.

index=a $search string$
| eval bytes=bytes/1000000
| timechart count by bytes

Hope I could explain what I am trying here..

siddhantkumar08 · ‎02-16-2022

Is there a way to cover the values in between min and max as well?

VatsalJagani · ‎02-16-2022

Couldn't understand what is your use case exactly. Please explain.

siddhantkumar08 · ‎02-16-2022

I would need to know the value of bytes each day. so day 1 it can be 0,2,3,4; day 2 it is 3,4,5;

similiarly within a day, 1pm-2pm: it was 4,2,5 and 2pm-3pm it was 0,3,2

Something like the above..

VatsalJagani · ‎02-15-2022

Try this:

<your search>
| timechart span=1d min(bytes) as min_value, max(bytes) as max_value

- I'm assuming your field name is bytes but you can change it.

- This should give you two lines if you use a line chart as visualization. For daily min_value and max_value.

How to plot a graph based on a field's value against time?

chart

timechart

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation