Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

1 graph for two searches

pborucki
New Member
‎03-21-2012 09:23 AM

Hello,

I am new to Splunk and I ma trying to analyze my logfile and create graph for two avg fields by each present different values, here is fragment of my file:

3/21/12
10:03:49.335 AM     

Mar 21 10:03:49.335 [RATE] cur=209.9 lo=209.9 hi=210.0 avg=209.9

3/21/12
10:03:19.335 AM     

Mar 21 10:03:19.335 [RATE] CPU=61658.825: cur=80 avg=81

I need to have graph which present avg value from both lines separately over time.
My problem is that splunk count average value from both avg fields in both lines.
How can I separate them?

thank you

Tags (1)
0 Karma
Reply

sowings
Splunk Employee
Splunk Employee
‎03-27-2012 08:47 AM

I'd use eval to rename the fields, on a conditional basis, and then plot both values simultaneously:

search RATE
  | eval rate_avg=if(isnotnull(lo), avg, null)
  | eval cpu_avg=if(isnotnull(CPU), avg, null)
  | timechart avg(rate_avg) AS rate_avg, avg(cpu_avg) AS cpu_avg

There'll be two lines on the chart, one labeled rate_avg, and the other as cpu_avg.

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...