Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Multiple Series Line Chart Dashboard

vtrujillo
Explorer
‎08-24-2010 08:31 PM

Hi everyone!

I'm trying to add a new series to my line chart from my dashboard's xml file. (Which means I want to display 2 lines on my chart).

So far I have the following:

<?xml version='1.0' encoding='utf-8'?>
<dashboard>
  <!--
NOTE: This file was automatically generated by Splunk.  Use caution when editing manually.
-->
  <label>SLU CPU PERFORMANCE</label>
  <row>
    <chart>
      <option name="charting.chart">line</option>
      <searchString>source="*slu*" CPU_IDLE_USAGE="*" | timechart max(CPU_IDLE_USAGE)</searchString>
      <title>CPU PERFORMANCE</title>
      <option name="drilldown">all</option>
    </chart>
  </row>
  <row>
    <table>
      <searchString>source="*slu*" CPU_IDLE_USAGE="*"</searchString>
      <title>Results</title>
      <option name="drilldown">row</option>
    </table>
  </row>
</dashboard>

... and I would like to add the CPU_SYS_USAGE="*" field as a series to this chart.

Thank you in advance.

Bye!

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎08-24-2010 08:56 PM

I suppose all you should need to do is use:

source=*slu* | timechart max(CPU_IDLE_USAGE) max(CPU_SYS_USAGE)

(or average(CPU_SYS_USAGE) or some other aggregator function besides max() if you prefer).

View solution in original post

Reply
Solved! Jump to solution

p1rate5s
Explorer
‎03-03-2014 10:07 AM

Use max() and set the span to be lower than the time between data points so you only capture one data point in a span.

Reply
Solved! Jump to solution

vtrujillo
Explorer
‎08-30-2010 08:37 PM

Thanks!

Now, what if I don't want to plot a max() or an avg()?

I just want to show the numbers that CPU_IDLE_USAGE have. For example: 

_time              CPU_ID CPU_IDLE_USAGE 
8/23/10 11:25:00.000 PM 0 90 
8/23/10 11:20:00.000 PM 0 83 
8/23/10 11:15:00.000 PM 0 81 
8/23/10 11:10:00.000 PM 0 82 
8/23/10 11:05:00.000 PM 0 88 
8/23/10 11:00:00.000 PM 0 78

I would like to plot the following values: 90, 83, 81, 82, 88... etc. How can I do that?

Thank you again

0 Karma
Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎08-24-2010 08:56 PM

I suppose all you should need to do is use:

source=*slu* | timechart max(CPU_IDLE_USAGE) max(CPU_SYS_USAGE)

(or average(CPU_SYS_USAGE) or some other aggregator function besides max() if you prefer).

Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...