- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Make chart value ranges and show the number of hit...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a database with two values (time and fees). It shows the fees that someone pays and the time in seconds each transactions take to validate. representing it is a simple bar chart like
source="dbmon-dump://Bitcoin/Transactions" | eval Fee=fee/1000 | chart avg(Fee) by time
I would like to represent time ranges, as I have several times for each transaction and it's difficult to represent in a bar chart, e.g the field time defined as groups of 100 (0-100, 101-200, 201-301 and so on).
If there is a way, I would also like to represent the number of transactions (number of rows) is used in each time and represent it in the same chart, in line mode. for example having in the range of 0-100 an average value of 25 fee (which is showed as the first column with 25 in heigh in the y-axis) and, let's say, a point in 200 (with a new Y-axis) which represents the number of rows used to obtain the column.
Can anybody help with this? this should be very simple by I'm start working with spunk.
Thank you very much !!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why not
source="dbmon-dump://Bitcoin/Transactions" | eval Fee=fee/1000 | timechart avg(Fee) span=15m
where you can make the span any time range that you like?
(Although if you make a huge number of small time ranges, there won't be enough pixels for Splunk to graph it! You will get a warning - and no graph.)
Or, since your data may not have a timestamp
source="dbmon-dump://Bitcoin/Transactions" | eval Fee=fee/1000
| bucket time span=15m | chart avg(Fee) by time
This assumes that the time field is in Linux epoch time. If it is not, you can convert it:
eval time=strptime(time,"%Y-%m-%d %H:%M:%S")
for example, but your time format could be different.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why not
source="dbmon-dump://Bitcoin/Transactions" | eval Fee=fee/1000 | timechart avg(Fee) span=15m
where you can make the span any time range that you like?
(Although if you make a huge number of small time ranges, there won't be enough pixels for Splunk to graph it! You will get a warning - and no graph.)
Or, since your data may not have a timestamp
source="dbmon-dump://Bitcoin/Transactions" | eval Fee=fee/1000
| bucket time span=15m | chart avg(Fee) by time
This assumes that the time field is in Linux epoch time. If it is not, you can convert it:
eval time=strptime(time,"%Y-%m-%d %H:%M:%S")
for example, but your time format could be different.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
despite it's not really a time chart because I'm just trying to pair the number of seconds a transactions takes long, the bucket time span=100s works for me and now the chart is grouping it, so it's a perfect solution, thank you very much !!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For adding the second chart I can ask myself with:
source="dbmon-dump://Bitcoin/Transactions" | eval Fee=fee/1000 | chart avg(Fee) count by time
this gets something like the chart I'm looking for but still missing how to make ranges for the "time" field
Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey
Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...
Monitoring Amazon Elastic Kubernetes Service (EKS)
