Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Values in bar chart varying

Devi13
Path Finder
‎07-11-2023 07:42 AM

Hello Team,

I have a bar graph representing data,

When I keep the timechart span=15m and run the search for 1h

The value for the last 15 mins is showing high and after sometime if I run the same search the value is showing normal.

Is it an expected behaviour and why is it happening like this.

How to fix this, any help is appreciated.

Eg

9:00 - 9:15 30

9:15 - 9:30 36

9:30 - 9:45 45

9:45 - 10:00 180

After sometime

9:45 - 10:00 49

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-11-2023 08:05 AM

Hi @Devi13,

did you added some other filter in your search?

are the other values the same?

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

Devi13
Path Finder
‎07-11-2023 09:23 AM

Hello @gcusello ,

index=* host=* OR host=* source="*" "xxxx"
| dedup AA
| timechart span=1d count by host

But when I check tomorrow, the values are going down..

Preview file
13 KB
0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-11-2023 11:23 PM

Hi @Devi13,

what does it happen if you don't use dedup, there's the same behaviour?

ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

Devi13
Path Finder
‎07-12-2023 02:44 AM

Hello @gcusello ,

We are good now, seems there was glitch in fetching the logs.

Thank you for your assistance.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-12-2023 02:45 AM

Hi @Devi13 ,

good for you, see next time!

let me know if I can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-11-2023 07:52 AM

Hi @Devi13,

could you share your search?

ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

Devi13
Path Finder
‎07-11-2023 07:59 AM

Hello @gcusello ,

I am trying to get to know about splunk, I have a simple search,

index=abc host=abc source=abc
"xxx/*"
| timechart span=15m count by host

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-11-2023 08:05 AM

Hi @Devi13,

did you added some other filter in your search?

are the other values the same?

Ciao.

Giuseppe

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...