I want to get the average from a value, group this by cluster and hostname and show the value in a timechart.
With the grid-view, I would like to have one panel for each cluster.
index=foo sourcetype=bar | timechart avg(Value) by cluster,hostname
And have for each cluster a separate panel.
Is this possible? I know that multiple by fields are possible with the stats-command.
But, I'm not able to group them with the grid view.
Can someone help me please?
@tgdvopab, what do you imply by Grid View? If you are on Splunk 6.6 or higher, try to feed the output of the following query to Trellis Layout and Split by Cluster as aggregation field.
index=foo sourcetype=bar | bin _time span=1h | stats count by cluster,hostname
@tgdvopab if your issue is resolved, do go ahead and accept the answer to mark this question as resolved!
Thanks for your answer! 🙂
Now I need to have the data from stats in a timechart.
So I think I also need the _time value in stats, for example: stats count by _time,cluster,hostname
But this doesn't work. Do you have an idea?
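An added example, not part of the original thread and not Splunk code: a small Python model of what `bin _time span=1h | stats avg(Value) by _time, cluster, hostname` computes, regrouped into one time-by-hostname table per cluster as a panel per cluster would need. The events, the cluster and host names, and the function names are constructed for illustration; it also shows that without binning every distinct timestamp becomes its own group.

```python
from collections import defaultdict

# Constructed sample events (epoch seconds); field names follow the thread.
EVENTS = [
    {"_time": 3600 * 10 + 60,   "cluster": "c1", "hostname": "h1", "Value": 10},
    {"_time": 3600 * 10 + 1800, "cluster": "c1", "hostname": "h1", "Value": 20},
    {"_time": 3600 * 10 + 120,  "cluster": "c1", "hostname": "h2", "Value": 5},
    {"_time": 3600 * 11 + 30,   "cluster": "c1", "hostname": "h1", "Value": 40},
    {"_time": 3600 * 10 + 900,  "cluster": "c2", "hostname": "h3", "Value": 7},
    {"_time": 3600 * 11 + 600,  "cluster": "c2", "hostname": "h3", "Value": 9},
]

def bin_time(ts, span):
    """Floor a timestamp to the start of its bucket, modelling `bin _time span=...`."""
    return ts - (ts % span)

def stats_avg(events, span=3600):
    """Model of `bin _time span=1h | stats avg(Value) by _time, cluster, hostname`."""
    sums = defaultdict(lambda: [0.0, 0])  # key -> [running total, event count]
    for e in events:
        key = (bin_time(e["_time"], span), e["cluster"], e["hostname"])
        sums[key][0] += e["Value"]
        sums[key][1] += 1
    return {k: total / n for k, (total, n) in sums.items()}

def panels(rows):
    """Regroup the stats rows into one time x hostname table per cluster."""
    out = defaultdict(lambda: defaultdict(dict))
    for (t, cluster, host), avg in sorted(rows.items()):
        out[cluster][t][host] = avg
    return {c: dict(tbl) for c, tbl in out.items()}

if __name__ == "__main__":
    for cluster, table in panels(stats_avg(EVENTS)).items():
        print(cluster)
        for t, hosts in table.items():
            print("  ", t, hosts)
```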