Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Timechart of values

tbrown
Path Finder
‎08-07-2020 10:01 AM

This is probably a really simple question but I have events coming in every minute.

I've used  | rex field=_raw .... to extract a field from those events.

How do I plot these field values over time?

tbrown_0-1596819512301.png

This is what my statistics look like. 

I've tried 

| timechart span=1m values(Last_Heartbeats)

but nothing shows up on my line graph. I've also tried it without a span, I've tried | stats with a | bucket command, I've tried dc(Last_Heartbeats) but I can't figure it out.

Labels (5)
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎08-09-2020 04:37 PM

See that your numbers in that column are left justified - that's always a good indicator that Splunk does not think they are numbers, so @isoutamo 's reply is likely to fix your problem

Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-07-2020 10:19 AM

Are you sure that those Last_Heartbeats are numbers? If not then use

eval Last_Heartbeats = tonumber (trim(Last_Heartbeats))

r. Ismo

Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...