Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Multiple graphs in line chart

patilsh
Explorer
‎06-19-2017 03:49 PM

Hello All,

I have a data as below :
Where for every callId there are list of values in next column. So I have some 10 callId and for every callId and I have list of values in column 2

alt text

Now I want to plot a line chart , for the values in column 2 such that every callId corresponds to a separate line in visualization.

Can someone please tell me how can we achieve this.

Regards
Shailendra Patil

Tags (1)
Preview file
31 KB
0 Karma
Reply

somesoni2
Revered Legend
‎06-19-2017 04:21 PM

I think you current search ends like this ..| stats list(entryData.LevelIn) by callId. Instead just use like this

your search before the stats | stats avg(entryData.LevelIn)  as AvgLevelIn by callId
0 Karma
Reply

patilsh
Explorer
‎06-19-2017 04:44 PM

index="alpha_all_careport_event" userId="90925fcb-4543-4d9e-87f4-51ab9b4b7cd8"|stats list(eventData.txLevelIn) by callId|rename "list(eventData.txLevelIn)" AS Levelin|mvexpand Levelin|streamstats count AS serial BY callId|chart avg(Levelin) OVER serial BY callId

This is how it ends , its shows as 352 events , but in table i can see 100 only for each

0 Karma
Reply

woodcock
Esteemed Legend
‎06-19-2017 04:01 PM

Add this to the bottom of your existing search:

... | rename "list(EventData.txt.Levelin)" AS Levelin
| mvexpand Levelin
| streamstats count AS serial BY callId
| chart avg(Levelin) OVER serial BY callId
0 Karma
Reply

patilsh
Explorer
‎06-19-2017 04:27 PM

Hey, Thanks for the help,

But i can just see 100 events for each ID here ?

Is that a limit ?

0 Karma
Reply

woodcock
Esteemed Legend
‎06-19-2017 06:04 PM

There is a limit on list (and values) but I think it is 1000, not 100.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...