Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Displaying very small values in timechart

haph
Path Finder
‎08-16-2019 02:33 AM

Hi everyone,

I have continuous data from a leakage test station with values as low as 1e-8 and spikes up to 1e-2 mbar*l/s (in the image its way higher but this is very rare).
Is there a way to display them over this span correctly in a standard timechart?

I already tried to set min or max for y axis and converted the y axis to logarithmic.
The logarithmic scale seems to display only 1, 0.1, 0.01 and not smaller or at least gives the smaller numbers not enough 'room' to display (from 1 to 0.1 is 90% of the timechart area, from 0.1 to 0.01 is 8% and for the smaller values just 2 % of the area).

alt text

A other diagram with js or something is not possible for me at the moment.

Thanks!!

Preview file
36 KB
0 Karma
Reply

akolbus
Explorer
‎12-11-2020 07:56 AM

Here's an example with data from 0-1.  Here the "log-scale" chart is actually just a linear scale chart with gridlines for powers of 10, same as the original post.  Small data is compressed at the bottom of the chart

| makeresults count=4
| streamstats count
| rename count as i
| eval value=pow(10,-i), logValue=log(value)
| chart avg(value) by i

akolbus_1-1607702094857.png

 

Reply

akolbus
Explorer
‎12-11-2020 07:50 AM

sample search: 

| makeresults count=10
| streamstats count
| rename count as i
| eval i=i-4, value=pow(10,i), logValue=log(value)
| chart avg(value) by i

when charted log scale, this data should display as a straight line, and does for values from 10-1000000 (1e1-1e6).  However, splunk does not create divisions for 0.1-1, 0.01-0.01, 0.001-0.01, etc., so the values <10 are incorrectly compressed on the chart

akolbus_0-1607701554194.png

 

Reply

akolbus
Explorer
‎12-11-2020 07:33 AM

I had trouble with this as well.  Log scale charts in splunk appear to be broken for non-positive powers of 10:

  1. Like the above example, when my data is from 0-1 the gridlines display for powers of 10 but the chart is still linear scale (0-0.01 is 1% of the scale, 0.01-0.1 is 9% of the scale, 0.1-1.0 is 90% of the scale).  For a true log scale, 0.01 to 0.1 would have the same vertical scale as 0.1 to 1.0, 1.0-10.0, 10.0.100.0, 0.001 to 0.01, etc.)
  2. When I have data from 0.001-100, the data is charted log scale but the divisions are 0-10, 10-100, 100-1000).  These are equally spaced but I would expect to see gridlines for 1.0, 0.1, 0.01.  The result is that data from 1-100 is easy to visualize but data from 0.001-1.0 is compressed at the bottom of the chart

My workaround is to chart log(value) on a linear scale, but this is not easy to consume for most folks.

Reply

haph
Path Finder
‎08-16-2019 02:36 AM

In the image there is no "0" value. They are actually something like 1e-8

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...