Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

charting the values, not the instances

Michael
Contributor
‎11-19-2010 09:17 PM

...been surfing for this question, can't find it, although I'm sure it's been answered...

I can't figure out how to do (what I think is) a simple chart of the values in a field, not the number of times it's seen. For example, I have a simple cron.hourly script that creates a text file with a timestamp and a value (the drive space used in a given volume).

It returns the following:

Fri Nov 19 15:01:01 2010 percentage_used=42

This is parsed fine (i.e. timestamp, "percentage_used" field) but when charting it, I can't figure out how to simply chart the values over time.

To make matters more challenging is: ultimately I want to create a single chart of several of by systems' drive space over time (split by host). Doesn't seem too difficult, but I'm feeling a little short-bus on this...

Thanks in advance! Mike

Tags (2)
Reply

kevintelford
Path Finder
‎11-19-2010 10:30 PM

If you want to just show the values you could do " | stats list(percentage_used)" or " | stats values(percentage_used)", depending on if you wanted percentage used to be deduped or not. Also, in the end something like " | timechart per_hour(percentage_used) by host" is what you'll be looking for.

Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...