Solved: How can I create a timechart for two different sea...

oscargarcia · ‎03-29-2011

Hi,

I want to create a timechart that plots results from two separate searches overlapped in the same chart. An example would be timecharting CPU use along Memory use in the same graph.

Any ideas?

Many thanks

LCM · ‎03-30-2011

If you have the *nix app installed, you can copy/paste this command!

sourcetype=vmstat OR sourcetype=cpu | multikv fields memUsedPct pctIdle | eval CPU_Usage=100-pctIdle | timechart span=10m avg(CPU_Usage) avg(memUsedPct) by host

That gives you a combined timechart (10mins avg.) over CPU & Memory usages per host

View solution in original post

LCM · ‎03-30-2011

If you have the *nix app installed, you can copy/paste this command!

sourcetype=vmstat OR sourcetype=cpu | multikv fields memUsedPct pctIdle | eval CPU_Usage=100-pctIdle | timechart span=10m avg(CPU_Usage) avg(memUsedPct) by host

That gives you a combined timechart (10mins avg.) over CPU & Memory usages per host

oscargarcia · ‎03-30-2011

Thanks! the "multikv fields" was the key one.

How can I create a timechart for two different searches

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Index This | What goes away as soon as you talk about it?

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025

Are you a member of the Splunk Community?

How can I create a timechart for two different searches

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Index This | What goes away as soon as you talk about it?

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025