Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Plotting a graph to show values increasing over time

rdb_splunk
Explorer
‎02-12-2013 08:55 AM

HI there,

I was hoping someone may have some advice on how to plot a graph for the following trend,

I am trying to figure out, how to graph the value increase and decrease for the instances of Media files count: 634144. e.g. you will see below that the count, changes over time. I want to do a time chart portraying these values, changing over time, against the source types, these entries belong to. Thanks for any ideas?

2013.02.10 20:56:46:199 INFO avidmi 2608 nycoewg01mi02 CACHE SAVED. Media files count: 634144. Unique media files count: 625887. Duplicated media files count:8257 215

2013.02.11 12:56:48:192 INFO avidmi 2608 nycoewg01mi02 CACHE SAVED. Media files count: 629238. Unique media files count: 621189. Duplicated media files count:8049 215

     2013.02.11 14:56:48:392    INFO    avidmi  2608    nycoewg01mi02   CACHE SAVED. Media files count: 632638. Unique media files count: 624586. Duplicated media files count:8052       215
Tags (1)
Reply

rdb_splunk
Explorer
‎02-20-2013 06:29 PM

thanks - that worked perfectly - I am using it all the time now....

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎02-21-2013 09:22 AM

You are welcome.
For other splunk magic functions, take a look at the cheat sheet http://www.innovato.com/splunk/

also if you do not mind, please accept the previous answer with the transparent check mark on the left side.

0 Karma
Reply

rdb_splunk
Explorer
‎02-13-2013 02:06 PM

Excellent - thanks very much. Just what i needed.

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎02-12-2013 09:43 AM

Extract the value in a field, using rex or an automatic field extraction.
beware the "Media" caps is important, because you have almost he same 2 times.

... |rex "Media files count: (?<media_files_count>\d+)" | table _time media_files_count sourcetype

then use it for a timechart

... |rex "Media files count: (?<media_files_count>\d+)" | timechart span=5m avg(media_files_count) by sourcetype

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...