Solved: How can I create a timechart for two different sea...

oscargarcia · ‎03-29-2011

Hi,

I want to create a timechart that plots results from two separate searches overlapped in the same chart. An example would be timecharting CPU use along Memory use in the same graph.

Any ideas?

Many thanks

LCM · ‎03-30-2011

If you have the *nix app installed, you can copy/paste this command!

sourcetype=vmstat OR sourcetype=cpu | multikv fields memUsedPct pctIdle | eval CPU_Usage=100-pctIdle | timechart span=10m avg(CPU_Usage) avg(memUsedPct) by host

That gives you a combined timechart (10mins avg.) over CPU & Memory usages per host

View solution in original post

LCM · ‎03-30-2011

If you have the *nix app installed, you can copy/paste this command!

sourcetype=vmstat OR sourcetype=cpu | multikv fields memUsedPct pctIdle | eval CPU_Usage=100-pctIdle | timechart span=10m avg(CPU_Usage) avg(memUsedPct) by host

That gives you a combined timechart (10mins avg.) over CPU & Memory usages per host

oscargarcia · ‎03-30-2011

Thanks! the "multikv fields" was the key one.

How can I create a timechart for two different searches

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation