Solved: Re: Visualization for data with large difference i...

GenericSplunkUs · ‎07-24-2017

I can't seem to find the right terms to search to find my answer so I'm hoping someone here can help me.

I'm looking for a clean way to do the timechart command when your field values could be 5 or 500,000. With such a large difference it makes plotting them on a map useless for the smaller numbered results. I would do this to a table, but it's nice to have the timechart command show the usage over time and make it a good visual reference.

If you have another way to do this, or another command I should use that would be great.

Thanks,

DalJeanis · ‎07-24-2017

Go ahead and use timechart. Change the visualization format for the Y axis to log.

View solution in original post

DalJeanis · ‎07-24-2017

Go ahead and use timechart. Change the visualization format for the Y axis to log.

GenericSplunkUs · ‎07-25-2017

Thank you, this is exactly what I wanted. I knew it had to be a simple option i just couldn't find.

DalJeanis · ‎07-25-2017

Yw. @GenericSplunkUser - if your question has been answered, then please accept the answer so the question will show as solved.

GenericSplunkUs · ‎07-25-2017

I thought i had done that, Thanks for the reminder.

Visualization for data with large difference in values.

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms