Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

1 graph for two searches

pborucki
New Member
‎03-21-2012 09:23 AM

Hello,

I am new to Splunk and I ma trying to analyze my logfile and create graph for two avg fields by each present different values, here is fragment of my file:

3/21/12
10:03:49.335 AM     

Mar 21 10:03:49.335 [RATE] cur=209.9 lo=209.9 hi=210.0 avg=209.9

3/21/12
10:03:19.335 AM     

Mar 21 10:03:19.335 [RATE] CPU=61658.825: cur=80 avg=81

I need to have graph which present avg value from both lines separately over time.
My problem is that splunk count average value from both avg fields in both lines.
How can I separate them?

thank you

Tags (1)
0 Karma
Reply

sowings
Splunk Employee
Splunk Employee
‎03-27-2012 08:47 AM

I'd use eval to rename the fields, on a conditional basis, and then plot both values simultaneously:

search RATE
  | eval rate_avg=if(isnotnull(lo), avg, null)
  | eval cpu_avg=if(isnotnull(CPU), avg, null)
  | timechart avg(rate_avg) AS rate_avg, avg(cpu_avg) AS cpu_avg

There'll be two lines on the chart, one labeled rate_avg, and the other as cpu_avg.

0 Karma
Reply
Get Updates on the Splunk Community!

Detector Best Practices: Static Thresholds

Introduction In observability monitoring, static thresholds are used to monitor fixed, known values within ...

Expert Tips from Splunk Education, Observability in Action, Plus More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Changes to Splunk Instructor-Led Training Completion Criteria

We’re excited to share an update to our instructor-led training program that enhances the learning experience ...