Splunk Search

How to Chart a value vs another value? (Not Time!)

New Member

Possibly a stupid question but I've trying various things. If I google, all the results are people looking to chart vs time which I can do already. I hope to be able to chart two values (not time) from the same event in a graph without needing to perform a function on it. Thank you for your time.

0 Karma


The simplest answer is to just make a | table val1 val2. Then switch to the Visualization tab and select a visualization like Line Chart, where your table will be graphed with val1 on the x axis, and val2 on the y axis.

If you wish to graph more than 2 values, add them to your table also. Columns 2 and beyond will be graphed as separate series against the first column. This behavior is much like you'd expect making a line chart in excel.

0 Karma

0 Karma


In general, I would say yes you can, but you will get the most helpful answer if you share more information about what exactly you are trying to do. Some sample data and the fields you want to chart would be most helpful.

0 Karma

Super Champion

really any visualization would work for that, i think, but the two that come to mind would be a scatter chart or a bubble chart. but as @rjthibod said, to really get a good answer, sample data and a more in depth explanation would be more helpful.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!