Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Unable to get graph from csv data input.

kingshukm
New Member
‎03-07-2017 04:12 PM

I must have this data to be converted to graph. I have attached the csv. Is it possible?
When I try this it gives be strange spots in graph and below error also.
Steps I have followed:
1. Created a new index in both index console and search head console.
2. Uploaded the input (attached)
3. Saved a new source type and followed the steps till review and submit.
4. Clicked on searching and then I found its not as per my expectation.
alt text
I have attached the desired graph. Can I get this from the attached data?

Tags (1)
Preview file
88 KB
0 Karma
Reply

woodcock
Esteemed Legend
‎03-09-2017 08:54 AM

Assuming that your events have a _time value, you should be able to do it like this:

index=payment_history
| table _time "Average Best 5%" "Average Worst 5%" Average
| untable _time metric value
| timechart span=YourSpanHere avg(value) BY metric
0 Karma
Reply

kingshukm
New Member
‎03-09-2017 02:23 PM

Thanks. I am trying this,

0 Karma
Reply

kingshukm
New Member
‎03-08-2017 09:51 PM

Average Best 5% Average Worst 5% Average
1.19 0.85 2.19
1.49 0.94 5.17
1.33 0.94 2.91
1.42 0.90 3.98
1.41 0.94 3.56

0 Karma
Reply

mattymo
Splunk Employee
Splunk Employee
‎03-08-2017 05:22 AM

Hi there!

Splunk can definitely plot data over time, however you will need to use a statistical command like | stats or more likely for this case | timechart to generate the neccessary stats to chart.

Splunk does not automagically spit out vizualization, just like excel requires you to build the vizualization you shared.

Also in the sreenshot you shared Splunk is trying to help lead you to the answer by showing some ways to generate stats.

I would suggest you check out some of our free online tutorials that will get you up to speed on using splunk, found here :

https://www.splunk.com/en_us/resources/getting-started.html

In the meantime if you can share some sample rows of the csv we can help you get your timechart going...

- MattyMo
0 Karma
Reply

woodcock
Esteemed Legend
‎03-07-2017 06:44 PM

Show a few sample events (lines in the CSV).

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...