Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Scatter Plot of some data

wweiland
Contributor
‎10-04-2013 06:39 AM

I'm new to Splunk and trying to create graphs on some information that I'm collecting. I have lots of jobs that run everyday and provide the data below after they run. I would like to create a scatter point graph that is a timechart of resources_used.ncpus for a 24H period. I would also like to create a scatter point graph of resources_used.ncpus and resources_used.walltime.

10/04/2013 08:29:20;0010;somehost;Job;131091.somehost;Exit_status=0 resources_used.cpupercent=93 resources_used.cput=00:01:42 resources_used.mem=7284kb resources_used.ncpus=33 resources_used.vmem=57556kb resources_used.walltime=00:34:41

Can someone point me in the right direction? I can't figure out how to get the datapoints into the graph.

Thank you in advance.
Todd

0 Karma
Reply

Simon_Fishel
Splunk Employee
Splunk Employee
‎10-10-2013 09:24 AM

For your timechart, this should do the trick, you can control the time range using the time range picker in the UI:

index=yourindex sourcetype=yoursourcetype ... | timechart avg(resources_used.ncpus) as "resources_used.ncpus"

For the scatter chart, try this:

index=yourindex sourcetype=yoursourcetype ... | table resources_used.ncpus resources_used.walltime

Reply

wweiland
Contributor
‎10-11-2013 05:09 PM

I think I understand. Thank you again.

0 Karma
Reply

SanthoshSreshta
Contributor
‎05-12-2015 05:15 AM

Is there possibility to change the shape of scatter plot. I am getting rectangle , i need bubble .
Is there possibility to change the size of rectangle in graph.

0 Karma
Reply

wweiland
Contributor
‎10-09-2013 12:30 PM

Any other suggestions?

0 Karma
Reply

somesoni2
Revered Legend
‎10-06-2013 07:33 AM

Try below search

index=yourindex sourcetype=yoursourcetype...| timechart span=1d max(resources_used.ncpus) as "resources_used.ncpus"

If you are using a dashboard, select the chart type as scatter.

Reply

wweiland
Contributor
‎10-06-2013 04:59 PM

The scatter option is greyed out. I can't seem to format the output in a way that scatter can be used.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...

Customer success is front and center at .conf25

Hi Splunkers, If you are not able to be at .conf25 in person, you can still learn about all the latest news ...

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...