Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

line chart with 2 sets of numbers

a238574
Path Finder
‎04-18-2018 06:41 AM

Ok this has to be easy but for some reason I cant figure it out. I have a query that produces two sets of stats

23 5
45 7
19 2

I would like to see these numbers in a line chart as 2 lines with a single data point for each number. When I try to select line chart for the visualization by default it tries to pick the 1st set of numbers as the x axis. How do you just tell to graph the numbers

Tags (1)
0 Karma
Reply

niketn
Legend
‎04-18-2018 08:10 AM

@a238574, For plotting two series on chart, you should also have aggregation field name as first first column i.e.

sno     stats1   stats2
sno1    23       5
sno2    45       7
sno3    19       2

So you would ideally need to retain aggregation field name in your final result or need to create one. Please share your current query if you need us to look and correct the same. In order to create a new field one of the ways would be to use streamstats 

<yourCurrentSearch>
    | streamstats count as sno 
    | eval sno="sno".sno 
    | table sno <yourFirstStatsField> <yourSecondStatsField>

Following is the run anywhere search based on sample data provided.

| makeresults 
| eval data="23,5;45,7;19,2" 
| makemv data delim=";" 
| mvexpand data 
| makemv data delim="," 
| eval stats1=mvindex(data,0),stats2=mvindex(data,1) 
| fields - _time data 
| streamstats count as sno 
| eval sno="sno".sno 
| table sno stats1 stats2

Please try out and confirm!

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

TISKAR
Builder
‎04-18-2018 07:41 AM

Hello,

If you try by this:

index=_internal | stats count sum(bytes) by version

And then select multiseries mode in formt of the chart

can you add information please?

thanks

0 Karma
Reply

kmaron
Motivator
‎04-18-2018 07:16 AM

Could you please share your search query (with sensitive data left out)? It will be much easier to help if we can see that.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...