Re: Chart showing additonal info

john · ‎09-26-2012

Hi,

I am trying to create a chart on the basis of difference of two fields same time on the right side it should show the orginal value of that two fields is it posible.

eg:
time_XX time_YY
10 20

kristian_kolb · ‎09-27-2012

Since you haven't provided any sample events, I'll assume that your event looks like this, in a sourcetype called "X".

2012-09-27 11:09:22 userid=bob A=20 B=30
2012-09-27 11:12:31 userid=eve A=24 B=10

This search:

sourcetype=X | eval AB_diff = A - B | table A, B, AB_diff

would give you the result;

A    B     AB_diff
20   30    -10
24   10    14

If this is not what you want to achieve, please provide better sample data and more detailed requirements.

Hope this helps,

Kristian

john · ‎09-26-2012

Hi kristian,

What iam looking for is a chart which showing difference of two fields.Eg A-B and same time i want to show the value of A and B in the same chart as legend.I have tried certain queryies but not getting a right result in chart iam expecting.
eg :A B Defference of A & B
20 30 10
Chart on difference only but user want to see the value of both A and B too.

kristian_kolb · ‎09-26-2012

I'm sorry. I think you'll have to rephrase that a little bit. Perhaps also include a few sample events and the desired output.

Chart showing additonal info

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor