Splunk Search

Displaying very small values in timechart

haph
Path Finder

Hi everyone,

I have continuous data from a leakage test station with values as low as 1e-8 and spikes up to 1e-2 mbar*l/s (in the image its way higher but this is very rare).
Is there a way to display them over this span correctly in a standard timechart?

I already tried to set min or max for y axis and converted the y axis to logarithmic.
The logarithmic scale seems to display only 1, 0.1, 0.01 and not smaller or at least gives the smaller numbers not enough 'room' to display (from 1 to 0.1 is 90% of the timechart area, from 0.1 to 0.01 is 8% and for the smaller values just 2 % of the area).

alt text

A other diagram with js or something is not possible for me at the moment.

Thanks!!

0 Karma

akolbus
Explorer

Here's an example with data from 0-1.  Here the "log-scale" chart is actually just a linear scale chart with gridlines for powers of 10, same as the original post.  Small data is compressed at the bottom of the chart

| makeresults count=4
| streamstats count
| rename count as i
| eval value=pow(10,-i), logValue=log(value)
| chart avg(value) by i

akolbus_1-1607702094857.png

 

akolbus
Explorer

sample search: 

| makeresults count=10
| streamstats count
| rename count as i
| eval i=i-4, value=pow(10,i), logValue=log(value)
| chart avg(value) by i

when charted log scale, this data should display as a straight line, and does for values from 10-1000000 (1e1-1e6).  However, splunk does not create divisions for 0.1-1, 0.01-0.01, 0.001-0.01, etc., so the values <10 are incorrectly compressed on the chart

akolbus_0-1607701554194.png

 

akolbus
Explorer

I had trouble with this as well.  Log scale charts in splunk appear to be broken for non-positive powers of 10:

  1. Like the above example, when my data is from 0-1 the gridlines display for powers of 10 but the chart is still linear scale (0-0.01 is 1% of the scale, 0.01-0.1 is 9% of the scale, 0.1-1.0 is 90% of the scale).  For a true log scale, 0.01 to 0.1 would have the same vertical scale as 0.1 to 1.0, 1.0-10.0, 10.0.100.0, 0.001 to 0.01, etc.)
  2. When I have data from 0.001-100, the data is charted log scale but the divisions are 0-10, 10-100, 100-1000).  These are equally spaced but I would expect to see gridlines for 1.0, 0.1, 0.01.  The result is that data from 1-100 is easy to visualize but data from 0.001-1.0 is compressed at the bottom of the chart

My workaround is to chart log(value) on a linear scale, but this is not easy to consume for most folks.

haph
Path Finder

In the image there is no "0" value. They are actually something like 1e-8

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...