How to Chart a value vs another value? (Not Time!)

bellstephen41 · ‎06-20-2017

Possibly a stupid question but I've trying various things. If I google, all the results are people looking to chart vs time which I can do already. I hope to be able to chart two values (not time) from the same event in a graph without needing to perform a function on it. Thank you for your time.

emottola · ‎11-09-2019

The simplest answer is to just make a | table val1 val2. Then switch to the Visualization tab and select a visualization like Line Chart, where your table will be graphed with val1 on the x axis, and val2 on the y axis.

If you wish to graph more than 2 values, add them to your table also. Columns 2 and beyond will be graphed as separate series against the first column. This behavior is much like you'd expect making a line chart in excel.

jplumsdaine22 · ‎06-20-2017

Have a look at the | xyseries command

http://docs.splunk.com/Documentation/Splunk/6.6.1/SearchReference/Xyseries

rjthibod · ‎06-20-2017

In general, I would say yes you can, but you will get the most helpful answer if you share more information about what exactly you are trying to do. Some sample data and the fields you want to chart would be most helpful.

cmerriman · ‎06-20-2017

really any visualization would work for that, i think, but the two that come to mind would be a scatter chart or a bubble chart. but as @rjthibod said, to really get a good answer, sample data and a more in depth explanation would be more helpful.

How to Chart a value vs another value? (Not Time!)

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor