How to set 2 X-Axis Values in a Chart?

elomotanpru · ‎05-19-2022

Hey everyone,

Currently making a report for my team that requires to have two X-Axis values based on the excel sheet shared with me. Below are some screenshots of the desired output, my progress so far, and search query based on what I have learned so far.

The goal:

What I am familiar with using chart in the search:

My search string

| eval DATE=strftime(strptime(DATE,"%d%b%Y"),"%Y-%m-%d")
| eval _time=strptime(DATE." ","%Y-%m-%d")
| where _time >= strptime("$from$", "%m/%d/%Y") AND _time <= strptime("$to$", "%m/%d/%Y")
| eval epochtime=strptime(TIME, "%H:%M:%S")| eval desired_time=strftime(epochtime, "%I:%M:%S %p")
| chart sum(VIO_PAGING_SEC) as "$lpar$ Sum of VIO_PAGING_SEC" sum(SYSTEM_PAGEFAULTS_SEC) as "$lpar$ SYSTEM_PAGEFAULTS_SEC" sum(SWAP_PAGIN_SEC) as "$lpar$ SWAP_PAGIN_SEC" sum(LOCAL_PAGEFAULTS_SEC) as "$lpar$ LOCAL_PAGEFAULTS_SEC" over desired_time

ITWhisperer · ‎05-19-2022

This is not possible with standard charts

elomotanpru · ‎05-19-2022

Is there a way to implement not using charts with the default Splunk dashboard capabilities?

How to set 2 X-Axis Values in a Chart?

chart

other

panel

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!