Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Multiple Series Line Chart Dashboard

vtrujillo
Explorer
‎08-24-2010 08:31 PM

Hi everyone!

I'm trying to add a new series to my line chart from my dashboard's xml file. (Which means I want to display 2 lines on my chart).

So far I have the following:

<?xml version='1.0' encoding='utf-8'?>
<dashboard>
  <!--
NOTE: This file was automatically generated by Splunk.  Use caution when editing manually.
-->
  <label>SLU CPU PERFORMANCE</label>
  <row>
    <chart>
      <option name="charting.chart">line</option>
      <searchString>source="*slu*" CPU_IDLE_USAGE="*" | timechart max(CPU_IDLE_USAGE)</searchString>
      <title>CPU PERFORMANCE</title>
      <option name="drilldown">all</option>
    </chart>
  </row>
  <row>
    <table>
      <searchString>source="*slu*" CPU_IDLE_USAGE="*"</searchString>
      <title>Results</title>
      <option name="drilldown">row</option>
    </table>
  </row>
</dashboard>

... and I would like to add the CPU_SYS_USAGE="*" field as a series to this chart.

Thank you in advance.

Bye!

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎08-24-2010 08:56 PM

I suppose all you should need to do is use:

source=*slu* | timechart max(CPU_IDLE_USAGE) max(CPU_SYS_USAGE)

(or average(CPU_SYS_USAGE) or some other aggregator function besides max() if you prefer).

View solution in original post

Reply
Solved! Jump to solution

p1rate5s
Explorer
‎03-03-2014 10:07 AM

Use max() and set the span to be lower than the time between data points so you only capture one data point in a span.

Reply
Solved! Jump to solution

vtrujillo
Explorer
‎08-30-2010 08:37 PM

Thanks!

Now, what if I don't want to plot a max() or an avg()?

I just want to show the numbers that CPU_IDLE_USAGE have. For example: 

_time              CPU_ID CPU_IDLE_USAGE 
8/23/10 11:25:00.000 PM 0 90 
8/23/10 11:20:00.000 PM 0 83 
8/23/10 11:15:00.000 PM 0 81 
8/23/10 11:10:00.000 PM 0 82 
8/23/10 11:05:00.000 PM 0 88 
8/23/10 11:00:00.000 PM 0 78

I would like to plot the following values: 90, 83, 81, 82, 88... etc. How can I do that?

Thank you again

0 Karma
Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎08-24-2010 08:56 PM

I suppose all you should need to do is use:

source=*slu* | timechart max(CPU_IDLE_USAGE) max(CPU_SYS_USAGE)

(or average(CPU_SYS_USAGE) or some other aggregator function besides max() if you prefer).

Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...