Re: Two intention searches on one timechart

lain179 · ‎03-25-2013

Hi,

I have two separate searches that I would like to put together one graph. I don't think I can use a join because they are both intention searches. I think I can't use chart overlay either.

The usage is that the user will choose a server from a drop down list, which will trigger those two searches separately. One search creates an area timechart and the second one creates a splitSeries line timechart. Now I have them on two separate chart but I would like to put them on one time chart if possible.

Appreciate any help.

Thanks.

jonuwz · ‎03-25-2013

Its possible but not easy.

You're going to need to come up with a search that mashes all the data into a a single result

i.e.

_time  area_value  split_value1 split_value2 split_value3

Then play with multi axis graphs.
Example here - the color stuff can be ignored - I needed that or something else.

Two intention searches on one timechart

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation