Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Plotting a graph to show values increasing over time

rdb_splunk
Explorer
‎02-12-2013 08:55 AM

HI there,

I was hoping someone may have some advice on how to plot a graph for the following trend,

I am trying to figure out, how to graph the value increase and decrease for the instances of Media files count: 634144. e.g. you will see below that the count, changes over time. I want to do a time chart portraying these values, changing over time, against the source types, these entries belong to. Thanks for any ideas?

2013.02.10 20:56:46:199 INFO avidmi 2608 nycoewg01mi02 CACHE SAVED. Media files count: 634144. Unique media files count: 625887. Duplicated media files count:8257 215

2013.02.11 12:56:48:192 INFO avidmi 2608 nycoewg01mi02 CACHE SAVED. Media files count: 629238. Unique media files count: 621189. Duplicated media files count:8049 215

     2013.02.11 14:56:48:392    INFO    avidmi  2608    nycoewg01mi02   CACHE SAVED. Media files count: 632638. Unique media files count: 624586. Duplicated media files count:8052       215
Tags (1)
Reply

rdb_splunk
Explorer
‎02-20-2013 06:29 PM

thanks - that worked perfectly - I am using it all the time now....

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎02-21-2013 09:22 AM

You are welcome.
For other splunk magic functions, take a look at the cheat sheet http://www.innovato.com/splunk/

also if you do not mind, please accept the previous answer with the transparent check mark on the left side.

0 Karma
Reply

rdb_splunk
Explorer
‎02-13-2013 02:06 PM

Excellent - thanks very much. Just what i needed.

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎02-12-2013 09:43 AM

Extract the value in a field, using rex or an automatic field extraction.
beware the "Media" caps is important, because you have almost he same 2 times.

... |rex "Media files count: (?<media_files_count>\d+)" | table _time media_files_count sourcetype

then use it for a timechart

... |rex "Media files count: (?<media_files_count>\d+)" | timechart span=5m avg(media_files_count) by sourcetype

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...