Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Plot vectors against each other?

Freddler
Explorer
‎05-28-2021 05:28 AM

I'm trying to visualize some numerical data with chart but I'm not getting any results. No errors or anything but no plots either. 

the target event looks something like:

 

 

Log":[{"pressure":[0,45,976,1710,2412,3168,4207,..]},{"speed":[0,2432,3695,3611,3539,3435,3518,..]}, ...

 

 

Where the equal length vectors are what I want to visualize, either as parallel lines  or as a scatterplot against each other or whatever.  Using the code below, I've managed to extract the numbers using regular expressions and split them at the comma. Inspecting the result in the statistics tab, the values appear neatly next to eachother in what I consider to look like x- and y-vectors:

 

 

| rex "pressure\":\[(?P<pressure>[^]]{1,})"
| makemv delim="," pressure
| rex "speed\":\[(?P<speed>[^]]{1,})"
| makemv delim="," speed
| chart list(pressure), list(speed)

 

 

 (I tried using values instead of list first, but there were some identical numbers in one of the vectors which resluted in them being of different length)

In my world, I should be able to just plot these against eachother since they are the same length, but I can't find a way of doing it. 
Changing the last line to this: "| chart list(OPVPresVec) by OPVPumpSpeedVec", the entire pressure vector is mapped to every element of the speed vector, which ofcourse is nonsense.

I've tried using mvexpand after the delims but I get a similar result, with one entire vector being mapped to every element of the other. I am at a loss and have no idea what I'm doing.

Does anybody know how to solve this? Thanks in advance.

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎05-28-2021 05:36 AM

Something like this?

| eval points=mvzip(pressure,speed,":")
| mvexpand points
| eval points=split(points,":")
| eval pressure=mvindex(points,0)
| eval speed=mvindex(points,1)
0 Karma
Reply

Freddler
Explorer
‎05-28-2021 06:20 AM

I am indeed getting something to plot with this, thank you! However, the values (x-y-pairs) seem to have been scrambled somewhere along the line. I inserted your code between my last delim command and the chart command. Was that how it was intended?

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎05-28-2021 06:26 AM 
| makeresults
| eval _raw="{\"Log\":[{\"pressure\":[0,45,976,1710,2412,3168,4207]},{\"speed\":[0,2432,3695,3611,3539,3435,3518]}]}"
| rex "pressure\":\[(?P<pressure>[^]]{1,})"
| makemv delim="," pressure
| rex "speed\":\[(?P<speed>[^]]{1,})"
| makemv delim="," speed
| eval points=mvzip(pressure,speed,":")
| mvexpand points
| eval points=split(points,":")
| eval pressure=mvindex(points,0)
| eval speed=mvindex(points,1)
| table pressure speed

This can be visualised in a line chart

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...