Re: Need chart for two values

edrad80 · ‎08-14-2013

Hi

I have a basic XML file returning, Date-time value and a value in seconds see example("GmtDateTime":"2013-08-14 01:15:26","TotalSeconds":15.593). There is one value every 30 minutes. I need to have a column chart showing x - date-time and Y - TotalSeconds.

I have tried a lot of different options today but can never get it showing correctly.
Just need a pointer in the correct direction

edrad80 · ‎08-15-2013

It almost works, the GmtDateTime is correct but it shows the average TotalSeconds for all instances instead of the correct total

linu1988 · ‎08-14-2013

Provided you are having the fields correctly extracted, you can have |Timechart avg(TotalSeconds) OR Chart avg(TotalSeconds) by GmtDateTime.

Just a table GmtDateTime,TotalSeconds. where your primary axis should be GmtDateTime and TotalSeconds can be secondary axis in module for dashboard

|Timechart span=30m  avg(TotalSeconds)

I have updated the answer, hope it works.

Need chart for two values

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Join the Conversation