Solved: Re: How to chart field values by another field _ti...

macadminrohit · ‎03-12-2018

Hi,

I am running this query:

index=servers sourcetype=json Name=* Version=* Id=* | dedup _raw |fillnull bdy.ex.Msg value="NullBdyExMsg"|chart count over Name bylevel | eval ratio=((Critical+Error)/Information)

I want a line chart visualization which shows different lines for Name field and _time on X-axis. I tried all the possible options but it doesn't work.

tiagofbmm · ‎03-12-2018

Hi

Name field and _time on X-axis, Try this:

index=servers sourcetype=json Name= Version= Id=* 
| dedup _raw 
|fillnull bdy.ex.Msg value="NullBdyExMsg"
| bucket _time
|chart count over _time by Name

View solution in original post

tiagofbmm · ‎03-12-2018

Hi

Name field and _time on X-axis, Try this:

index=servers sourcetype=json Name= Version= Id=* 
| dedup _raw 
|fillnull bdy.ex.Msg value="NullBdyExMsg"
| bucket _time
|chart count over _time by Name

tiagofbmm · ‎03-21-2018

Please let me know if the answer was useful for you. If it was, accept it and upvote. If not, give us more input so we can help you with that

How to chart field values by another field _time?

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!