Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Help with simple timechart query
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Help with simple timechart query
john_byun
Path Finder
06-23-2014
10:55 AM
I have a list of events that have a specific value associated with each event. I want to create a line graph of those values. How do I do this?
The elapsed time between each event is not consistent, so I want each event to be logged as a data point on my graph to be able to see the trend over time.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MuS
Legend
06-24-2014
12:14 AM
Hi john.byun,
timechart will do aggregation on the events, if you don't want aggregation use chart or stats like this:
fieldvalue | chart values(fieldvalue) AS fieldvalues over _time
fieldvalue | stats values(fieldvalue) AS fieldvalues by _time
hope this helps ...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MuS
Legend
06-25-2014
12:04 AM
Please mark this as answered, if it worked for you - thx
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
john_byun
Path Finder
06-24-2014
03:00 PM
Perfect! Thank you very much.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
john_byun
Path Finder
06-23-2014
11:44 AM
Here is what my data looks like below. I want to create a line chart with time on the x-axis and the fieldvalue on the y-axis.
Time Field Value
12:15 90
12:25 85
1:00 70
1:30 65
2:30 95
4:00 90
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
john_byun
Path Finder
06-23-2014
11:42 AM
Sorry,
fieldvalue | timechart avg(fieldvalue)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
grijhwani
Motivator
06-23-2014
11:32 AM
I don't think that is a complete search command.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
john_byun
Path Finder
06-23-2014
11:25 AM
My current search is simply "timechart avg(fieldvalue)", but this does not give me the results that I want.
- I do not want an average of the values.
- I want each event to be a datapoint rather than giving me a single datapoint every 30 minutes.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
grijhwani
Motivator
06-23-2014
11:06 AM
As I always say, show us an example of your search, don't describe it.
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
