I'm new to Splunk and trying to create graphs on some information that I'm collecting. I have lots of jobs that run everyday and provide the data below after they run. I would like to create a scatter point graph that is a timechart of resources_used.ncpus for a 24H period. I would also like to create a scatter point graph of resources_used.ncpus and resources_used.walltime.
10/04/2013 08:29:20;0010;somehost;Job;131091.somehost;Exit_status=0 resources_used.cpupercent=93 resources_used.cput=00:01:42 resources_used.mem=7284kb resources_used.ncpus=33 resources_used.vmem=57556kb resources_used.walltime=00:34:41
Can someone point me in the right direction? I can't figure out how to get the datapoints into the graph.
Thank you in advance.
For your timechart, this should do the trick, you can control the time range using the time range picker in the UI:
index=yourindex sourcetype=yoursourcetype ... | timechart avg(resources_used.ncpus) as "resources_used.ncpus"
For the scatter chart, try this:
index=yourindex sourcetype=yoursourcetype ... | table resources_used.ncpus resources_used.walltime
Try below search
index=yourindex sourcetype=yoursourcetype...| timechart span=1d max(resources_used.ncpus) as "resources_used.ncpus"
If you are using a dashboard, select the chart type as scatter.