How to plot a graph based on a field's value again...

siddhantkumar08 · ‎02-15-2022

I have a field whose value ranges from 0 to 20. I want to plot the graph to find the range of values being hit for the field every day.

I tried using timechart but instead of it giving me ranges per day it starts building out graphs per value, like value 1 occurred on day1 ,day 2, day 4. I need it to tell me what all values occurred on a particular day rather than what days have those values.

index=a $search string$
| eval bytes=bytes/1000000
| timechart count by bytes

Hope I could explain what I am trying here..

siddhantkumar08 · ‎02-16-2022

Is there a way to cover the values in between min and max as well?

VatsalJagani · ‎02-16-2022

Couldn't understand what is your use case exactly. Please explain.

siddhantkumar08 · ‎02-16-2022

I would need to know the value of bytes each day. so day 1 it can be 0,2,3,4; day 2 it is 3,4,5;

similiarly within a day, 1pm-2pm: it was 4,2,5 and 2pm-3pm it was 0,3,2

Something like the above..

VatsalJagani · ‎02-15-2022

Try this:

<your search>
| timechart span=1d min(bytes) as min_value, max(bytes) as max_value

- I'm assuming your field name is bytes but you can change it.

- This should give you two lines if you use a line chart as visualization. For daily min_value and max_value.

How to plot a graph based on a field's value against time?

chart

timechart

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?