Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What is the best command to make a line chart from regex?

Splunky21
Explorer
‎11-16-2022 01:44 PM

I created a custom regex to filter on a numeric value called "window size" which varies from positive to negative, and I want to display hosts by IP. Trying to figure out the best command (chart,stats) etc. I really want it to have hosts all on a line graph and their unique window sizes... 

I'm not sure if I have to use trellis to accomplish this, but I was hoping to make each line a host IP address and possibly have the x axis represent the window sizes available with the up/down spikes in window sizes being demonstrated.

I already have my two fields, just cant figure out how to display the data correctly in a visualization. NOTE: Whenever I do "chart count" this kind of gets in my way because count takes up a value and I really don't know how to format it... I need hosts to "dip up and down" with values 

 

Thanks in advance!

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-16-2022 02:25 PM

Can you give an example of the data you are trying to visualise?

0 Karma
Reply

Splunky21
Explorer
‎11-16-2022 02:47 PM

Sure, I have 3 hosts currently (usually like 15). 

Event log looks like this:

Month date time:time:time IPaddress ProductName: [system] year value time:time:time value Product window average: 14.019745

This is pretty uniform throughout all logs, minus the fact the average varies. 

I did a regex to pull on the window average value as "WndwAvg" . 

I'm trying to display the WndwAvg (by host) as a line that's traveling across the graph so you can see when it goes in the negatives (drops alot) or goes up into the positives. Hoping there's a way to take the IP address (host) field and plot it by host. Just want to see all the ups and downs of averages visually. 

 

Hope this helps without getting too specific!

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-16-2022 10:56 PM 
| timechart values(WndwAvg) by IPaddress
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
Top