Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

charting the values, not the instances

Michael
Contributor
‎11-19-2010 09:17 PM

...been surfing for this question, can't find it, although I'm sure it's been answered...

I can't figure out how to do (what I think is) a simple chart of the values in a field, not the number of times it's seen. For example, I have a simple cron.hourly script that creates a text file with a timestamp and a value (the drive space used in a given volume).

It returns the following:

Fri Nov 19 15:01:01 2010 percentage_used=42

This is parsed fine (i.e. timestamp, "percentage_used" field) but when charting it, I can't figure out how to simply chart the values over time.

To make matters more challenging is: ultimately I want to create a single chart of several of by systems' drive space over time (split by host). Doesn't seem too difficult, but I'm feeling a little short-bus on this...

Thanks in advance! Mike

Tags (2)
Reply

kevintelford
Path Finder
‎11-19-2010 10:30 PM

If you want to just show the values you could do " | stats list(percentage_used)" or " | stats values(percentage_used)", depending on if you wanted percentage used to be deduped or not. Also, in the end something like " | timechart per_hour(percentage_used) by host" is what you'll be looking for.

Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...