Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Merge two line chart with different query in to si...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Merge two line chart with different query in to single line chart
karthi25
Path Finder
02-13-2019
05:31 AM
I have two line chart with different queries as follows:
<chart>
<search>
<query>index=*** source=*** |spath path=TestSplunkLog.TestFailureLog.payload.failureCount output=failureCount|spath path=TestSplunkLog.TestFailureLog.payload.startTime output=startDate| sort -splunkLogId | eval runDate = strftime(strptime(startDate, "%Y-%m-%d %H:%M"),"%Y-%m-%d %H:%M") | chart values(failureCount) as FAILURERECORDCOUNT over runDate</query>
<earliest>$dashboardTime.earliest$</earliest>
<latest>$dashboardTime.latest$</latest>
<refresh>30m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.axisTitleX.text">Date</option>
<option name="charting.axisTitleY.text">Record Count</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.chart">line</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.legend.placement">none</option>
</chart>
<chart>
<search>
<query>index=*** source=*** |spath path=TestSplunkLog.TestSuccessLog.payload.successCount output=successCount|spath path=TestSplunkLog.TestSuccessLog.payload.startTime output=startDate| sort -splunkLogId | eval runDate = strftime(strptime(startDate, "%Y-%m-%d %H:%M"),"%Y-%m-%d %H:%M") | chart values(successCount) as SUCCESSRECORDCOUNT over runDate</query>
<earliest>$dashboardTime.earliest$</earliest>
<latest>$dashboardTime.latest$</latest>
<refresh>30m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.axisTitleX.text">Date</option>
<option name="charting.axisTitleY.text">Record Count</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.chart">line</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.legend.placement">none</option>
</chart>
Now, I want to merge this two line chart and convert it to single multi-line chart. Since the JSON path varies, I felt difficult to do this. Can anyone please help me on this.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
03-02-2019
08:19 PM
Can you work with this?
index=*** source=*** |spath path=TestSplunkLog.TestSuccessLog.payload ...
Get Updates on the Splunk Community!
[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events
This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...
Enter the Agentic Era with Splunk AI Assistant for SPL 1.4
🚀 Your data just got a serious AI upgrade — are you ready?
Say hello to the Agentic Era with the ...
Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
