Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Values in bar chart varying

Devi13
Path Finder
‎07-11-2023 07:42 AM

Hello Team,

I have a bar graph representing data,

When I keep the timechart span=15m and run the search for 1h

The value for the last 15 mins is showing high and after sometime if I run the same search the value is showing normal.

Is it an expected behaviour and why is it happening like this.

How to fix this, any help is appreciated.

Eg

9:00 - 9:15 30

9:15 - 9:30 36

9:30 - 9:45 45

9:45 - 10:00 180

After sometime

9:45 - 10:00 49

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-11-2023 08:05 AM

Hi @Devi13,

did you added some other filter in your search?

are the other values the same?

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

Devi13
Path Finder
‎07-11-2023 09:23 AM

Hello @gcusello ,

index=* host=* OR host=* source="*" "xxxx"
| dedup AA
| timechart span=1d count by host

But when I check tomorrow, the values are going down..

Preview file
13 KB
0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-11-2023 11:23 PM

Hi @Devi13,

what does it happen if you don't use dedup, there's the same behaviour?

ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

Devi13
Path Finder
‎07-12-2023 02:44 AM

Hello @gcusello ,

We are good now, seems there was glitch in fetching the logs.

Thank you for your assistance.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-12-2023 02:45 AM

Hi @Devi13 ,

good for you, see next time!

let me know if I can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-11-2023 07:52 AM

Hi @Devi13,

could you share your search?

ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

Devi13
Path Finder
‎07-11-2023 07:59 AM

Hello @gcusello ,

I am trying to get to know about splunk, I have a simple search,

index=abc host=abc source=abc
"xxx/*"
| timechart span=15m count by host

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-11-2023 08:05 AM

Hi @Devi13,

did you added some other filter in your search?

are the other values the same?

Ciao.

Giuseppe

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...