Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Timechart with added series

michaelmathis
Engager
‎12-14-2021 10:38 AM

I have some records that show interface utilization across multiple devices.  I would like to add the utilization from two different devices so that two series are presented on my timechart, summary of inbound utilization for devices A + B, and summary of outbound utilization for devices A+B.


index=nnmperf "Interface Name"="Te0/1/0" "Node Name"="A" OR "Node Name"="B"
| rename "Utilization In" as In
| rename "Utilization Out" as Out
| eval In=In*100
| eval Out=Out*100
| timechart span=30m avg(In) avg(Out) by "Node Name"

I've tried to pipe the chart to addTotals, but I can't figure out how to split the total into two series one for inbound and one for outbound. 

Could someone help me out?  Thank you!

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎12-14-2021 02:47 PM 
| gentimes start=-1 increment=10s 
| eval node=mvindex(split("AB",""),random()%2)
| eval in=random()%100
| eval out=random()%100
| rename starttime as _time 
| table _time node in out


| timechart span=30m avg(in) avg(out) by node
| eval "total: A"='avg(in): A'+'avg(out): A'
| eval "total: B"='avg(in): B'+'avg(out): B'

View solution in original post

0 Karma
Reply
Solved! Jump to solution

michaelmathis
Engager
‎12-14-2021 03:58 PM

Thank you for your help!

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎12-14-2021 02:47 PM 
| gentimes start=-1 increment=10s 
| eval node=mvindex(split("AB",""),random()%2)
| eval in=random()%100
| eval out=random()%100
| rename starttime as _time 
| table _time node in out


| timechart span=30m avg(in) avg(out) by node
| eval "total: A"='avg(in): A'+'avg(out): A'
| eval "total: B"='avg(in): B'+'avg(out): B'
0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...