Splunk Enterprise Security

How do I display 2 lines on a line graph? The fields used are "MatlTemp" and "Hour" and it is sorted by "Batch"

donny__0
Engager

I am using 2 csv files and the "inputlookup" method.  Right now I am appending one of the csv to another csv, but the line chart that is displayed out only have one line. Both of the csv files has the same fields but i want the the graph to have 2 lines, one line for the first "batch" and the second line for the second "Batch" . How do I write the codes to let the graph get sorted by the "Batch" number so there will be 2 lines?

Current codes : 

 | from inputlookup:"5019609_V-094_9007270566.csv"| append [| from inputlookup "5019609_V-094_9007280926.csv"] |  fields  Hr  MatlTemp

Current Picture of line graph :

donny__0_1-1615533293110.png

 

 

0 Karma

isoutamo
SplunkTrust
SplunkTrust
You could rename one of those MatlTemp eg. MatlTemp2 inside append and add also that field to the end of fields.

donny__0
Engager

Okay a second line appeared but is it there a solution to sort the line chart by fields instead? I have a big data so its not efficient to rename the fields every time I want to compare a new set of data. If there is a sorting solution then the data would automatically be sorted by the "Batch" number. Thank You!

 

 

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...