Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

returning zero value for non existent event in time chart

Depressedadmin
Explorer
‎11-25-2020 11:48 AM

Hi

i want to make a chart that shows real time packet loss percentage of gateways  but there are two problem

1.the firewall sends logs only when packet loss  occurring therefor in line-chart there is no correct value for zero packet loss since line match two non zero points

2. i want to show all five gateway in single chart with different colors

here is what i search and get...chart.jpg

TNX

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

impurush
Contributor
‎11-25-2020 11:57 AM

Hi @Depressedadmin ,

For both of your questions, you can use the below answer.

<your base query>
|timechart span=1s count(Loss) as Loss by GATEWAY

This will show all 5 gateway in different colors and it will show the count 0 if it is pocket loss.

PS: Do not select All time until unless it is required and with timechart you can retrieve only 10000 rows at a time, so choose the time wisely else increase the span to 1m or 1h or 1d.

View solution in original post

Reply
Solved! Jump to solution
Solution

impurush
Contributor
‎11-25-2020 11:57 AM

Hi @Depressedadmin ,

For both of your questions, you can use the below answer.

<your base query>
|timechart span=1s count(Loss) as Loss by GATEWAY

This will show all 5 gateway in different colors and it will show the count 0 if it is pocket loss.

PS: Do not select All time until unless it is required and with timechart you can retrieve only 10000 rows at a time, so choose the time wisely else increase the span to 1m or 1h or 1d.

Reply
Solved! Jump to solution

Depressedadmin
Explorer
‎11-25-2020 12:44 PM

tnx alot for response, i wanted the value of Loss percentage itself no count or avg or ...

i used list and values instead of count and result is correct but there is points on chart instead of lines...

Screenshot_2020-11-26 Search Splunk 8 0 5.png

0 Karma
Reply
Solved! Jump to solution

impurush
Contributor
‎11-25-2020 12:50 PM

Hi @Depressedadmin ,

to make it looks like a line, please go to Format-> select the second one in the Null values. This will help to plot the line when it is null values.

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...