Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Y-Axis Based on Field Values

PaintItParker
Explorer
‎04-19-2021 02:43 PM

I have a field, SecondsSpentExecuting. A logged event will have that field. I want to visualize my data with a line chart, so the x-axis is _time, and the y-axis is SecondsSpentExecuting, so for a given event, at a given time on the x-axis, you see on the y-axis visually how long it took compared to other events in that line chart.

The current command I am using is:

timechart count by SecondsSpentExecuting

But in this case, the y-axis is the quantity of events that spent x seconds executing, so it does not work for my purposes.

How could I write a command which considers the actual value of the SecondsSpentExecuting field rather than charting by quantity of events?

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-19-2021 03:11 PM 
| gentimes start=-1 increment=10m 
| eval SecondsSpentExecuting=random() % 50
| rename starttime as _time 
| fields - endhuman endtime starthuman


| table _time SecondsSpentExecuting

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-19-2021 03:11 PM 
| gentimes start=-1 increment=10m 
| eval SecondsSpentExecuting=random() % 50
| rename starttime as _time 
| fields - endhuman endtime starthuman


| table _time SecondsSpentExecuting
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...