Solved: Re: How can I create a timechart for two different...

oscargarcia · ‎03-29-2011

Hi,

I want to create a timechart that plots results from two separate searches overlapped in the same chart. An example would be timecharting CPU use along Memory use in the same graph.

Any ideas?

Many thanks

LCM · ‎03-30-2011

If you have the *nix app installed, you can copy/paste this command!

sourcetype=vmstat OR sourcetype=cpu | multikv fields memUsedPct pctIdle | eval CPU_Usage=100-pctIdle | timechart span=10m avg(CPU_Usage) avg(memUsedPct) by host

That gives you a combined timechart (10mins avg.) over CPU & Memory usages per host

View solution in original post

LCM · ‎03-30-2011

If you have the *nix app installed, you can copy/paste this command!

sourcetype=vmstat OR sourcetype=cpu | multikv fields memUsedPct pctIdle | eval CPU_Usage=100-pctIdle | timechart span=10m avg(CPU_Usage) avg(memUsedPct) by host

That gives you a combined timechart (10mins avg.) over CPU & Memory usages per host

oscargarcia · ‎03-30-2011

Thanks! the "multikv fields" was the key one.

How can I create a timechart for two different searches

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!