Solved: Visualization for data with large difference in va...

GenericSplunkUs · ‎07-24-2017

I can't seem to find the right terms to search to find my answer so I'm hoping someone here can help me.

I'm looking for a clean way to do the timechart command when your field values could be 5 or 500,000. With such a large difference it makes plotting them on a map useless for the smaller numbered results. I would do this to a table, but it's nice to have the timechart command show the usage over time and make it a good visual reference.

If you have another way to do this, or another command I should use that would be great.

Thanks,

DalJeanis · ‎07-24-2017

Go ahead and use timechart. Change the visualization format for the Y axis to log.

View solution in original post

DalJeanis · ‎07-24-2017

Go ahead and use timechart. Change the visualization format for the Y axis to log.

GenericSplunkUs · ‎07-25-2017

Thank you, this is exactly what I wanted. I knew it had to be a simple option i just couldn't find.

DalJeanis · ‎07-25-2017

Yw. @GenericSplunkUser - if your question has been answered, then please accept the answer so the question will show as solved.

GenericSplunkUs · ‎07-25-2017

I thought i had done that, Thanks for the reminder.

Visualization for data with large difference in values.

Get More Out of Your Security Practice With a SIEM

New This Month - SLO Capabilities, APM Advanced Filtering & Usage Analytics Plus ...

Enterprise Security Content Update (ESCU) | New Releases