Re: How to sort values on x-axis based on the valu...

bollam · ‎11-30-2018

Hello,

I'm trying to plot a graph based on three fields.

The events contain the job, startTime, usedMemory. I want to plot a graph based on the start_time(epochTime) of the job.

I have a query written as follow.

index=main 
| eventstats earliest(startTime) as start_time by job
| stats first(totalMB) as total sum(UsedMB) AS a by start_time, stage
| eval pct=round((a/total)*100,2)
| table start_time stage pct

This query is giving me the right results as expected.

job start_time pct
b 00:05 20
c 00:10 15
f 00:25 55
a 00:00 40
d 00:15 60

When trying to plot a graph using following query, The job is getting sorted in the ascending order which I do not want.
I wanted the way how it is shown above on the x-axis ( b c f a d )

I need the values on the x-axis how the results with table command.

index=main 
| eventstats earliest(startTime) as start_time by job
| stats first(totalMB) as total sum(UsedMB) AS a by start_time, job
| eval pct=round((a/total)*100,2)
| table start_time job pct
| chart avg(pct) as Mem_used by job

kamlesh_vaghela · ‎11-30-2018

@bollam

You can try by retaining order in other field..

Can you please try this?

index=main 
| eventstats earliest(startTime) as start_time by job
| stats first(totalMB) as total sum(UsedMB) AS a by start_time, job
| eval pct=round((a/total)*100,2)
| table job start_time pct | eval no=1 | accum no | chart avg(pct) as Mem_used values(no) as no by job | sort no | fields - no

bollam · ‎12-02-2018

@kamlesh_vaghela, Thanks much!! It worked

kamlesh_vaghela · ‎12-03-2018

@bollam

Glad to help you. Can you please accept the answer to help the community.

Happy Splunking

How to sort values on x-axis based on the values of other fields

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!