Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Multiple Series Line Chart Dashboard

vtrujillo
Explorer
‎08-24-2010 08:31 PM

Hi everyone!

I'm trying to add a new series to my line chart from my dashboard's xml file. (Which means I want to display 2 lines on my chart).

So far I have the following:

<?xml version='1.0' encoding='utf-8'?>
<dashboard>
  <!--
NOTE: This file was automatically generated by Splunk.  Use caution when editing manually.
-->
  <label>SLU CPU PERFORMANCE</label>
  <row>
    <chart>
      <option name="charting.chart">line</option>
      <searchString>source="*slu*" CPU_IDLE_USAGE="*" | timechart max(CPU_IDLE_USAGE)</searchString>
      <title>CPU PERFORMANCE</title>
      <option name="drilldown">all</option>
    </chart>
  </row>
  <row>
    <table>
      <searchString>source="*slu*" CPU_IDLE_USAGE="*"</searchString>
      <title>Results</title>
      <option name="drilldown">row</option>
    </table>
  </row>
</dashboard>

... and I would like to add the CPU_SYS_USAGE="*" field as a series to this chart.

Thank you in advance.

Bye!

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎08-24-2010 08:56 PM

I suppose all you should need to do is use:

source=*slu* | timechart max(CPU_IDLE_USAGE) max(CPU_SYS_USAGE)

(or average(CPU_SYS_USAGE) or some other aggregator function besides max() if you prefer).

View solution in original post

Reply
Solved! Jump to solution

p1rate5s
Explorer
‎03-03-2014 10:07 AM

Use max() and set the span to be lower than the time between data points so you only capture one data point in a span.

Reply
Solved! Jump to solution

vtrujillo
Explorer
‎08-30-2010 08:37 PM

Thanks!

Now, what if I don't want to plot a max() or an avg()?

I just want to show the numbers that CPU_IDLE_USAGE have. For example: 

_time              CPU_ID CPU_IDLE_USAGE 
8/23/10 11:25:00.000 PM 0 90 
8/23/10 11:20:00.000 PM 0 83 
8/23/10 11:15:00.000 PM 0 81 
8/23/10 11:10:00.000 PM 0 82 
8/23/10 11:05:00.000 PM 0 88 
8/23/10 11:00:00.000 PM 0 78

I would like to plot the following values: 90, 83, 81, 82, 88... etc. How can I do that?

Thank you again

0 Karma
Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎08-24-2010 08:56 PM

I suppose all you should need to do is use:

source=*slu* | timechart max(CPU_IDLE_USAGE) max(CPU_SYS_USAGE)

(or average(CPU_SYS_USAGE) or some other aggregator function besides max() if you prefer).

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...