Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question
Solved! Jump to solution

Chart with time grouping and multiple fields

harshal_chakran
Builder
โ€Ž09-27-2016 12:02 AM

Hi,
Iam trying to build the chart as below:
alt text

Here I am having two fields as X-Axis (one is Parameter and other is time)
Is there any way I could build this chart? I am using timechart with span of month to group but cant display Parameter.

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
Legend
โ€Ž09-27-2016 04:18 AM

I don't know if it's acceptable For you but, using eval command, you could build a new field that contains the other two and then chart by the new field:
It's important to Group events with the bin commands befote charting.
Something like this
Mysearch | bin span=1mon time | eval column=time+myfield | chart count by column
Bye.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
Legend
โ€Ž09-27-2016 04:18 AM

I don't know if it's acceptable For you but, using eval command, you could build a new field that contains the other two and then chart by the new field:
It's important to Group events with the bin commands befote charting.
Something like this
Mysearch | bin span=1mon time | eval column=time+myfield | chart count by column
Bye.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution

harshal_chakran
Builder
โ€Ž10-09-2016 11:11 PM

Thanks Cusello, thanks for the anwser.
I am good to go with newly formed axis labes like- Param1 Jan16, Param2 Jan16...Param1 Feb16, Param2 Feb16...

0 Karma
Reply