Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is timchart not working on lookup csv data?

venky1544
Builder
‎09-12-2023 04:44 AM

Hi All

i ahve a lookup file .csv where i have timestamp Name and USEDGB values  i have been trying to run a time chart to see the total USEDGB per day Both lookup definition and lookup table file has app permissions 

|inputlookup ABC_DISK_UTILIZATION.csv |eval  _time=Timestamp |timechart span=24h sum(USEDGB)  

the result only shows time but no values of USEDGB can you please help 

Timestamp NAME USEDGB
12/08/2023 22:04 RECO_A 48.61
12/08/2023 13:04 RECO_B 46.21
12/08/2023 03:04 RECO_C 46133.89
11/08/2023 20:01 RECO_A 164.11
11/08/2023 18:01 RECO_B 48.61
11/08/2023 16:01 RECO_C 46.21
10/08/2023 22:00 RECO_A 45327.22
10/08/2023 17:00 RECO_B 193.4
10/08/2023 08:00 RECO_C 48.61
09/08/2023 21:00 RECO_A 46.21
09/08/2023 13:00 RECO_B 45205.72
09/08/2023 06:00 RECO_C 132.57
08/08/2023 19:00 RECO_A 48.61
08/08/2023 12:00 RECO_B 46.21
08/08/2023 10:00 RECO_C 45203.77
07/08/2023 22:00 RECO_A 132.56
07/08/2023 14:00 RECO_B 48.61
07/08/2023 07:00 RECO_C 46.21
06/08/2023 22:04 RECO_A 45199.08
06/08/2023 13:04 RECO_B 123.85
06/08/2023 03:04 RECO_C 48.61
05/08/2023 20:01 RECO_A 46.21
05/08/2023 18:01 RECO_B 45196.12
05/08/2023 16:01 RECO_C 117.4

 

venky1544_0-1694519142205.png

 

 

 

Labels (2)
Labels
Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-12-2023 05:11 AM

The timestamp commands requires the _time field, which must be in epoch form.  Convert Timestamp into _time using strptime().

|inputlookup ABC_DISK_UTILIZATION.csv 
|eval _time=strptime(Timestamp, "%d/%m/%Y %H:%M") 
|timechart span=24h sum(USEDGB)

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

venky1544
Builder
‎09-12-2023 06:03 AM

Hi @richgalloway 

did tried that not working 😞

 

venky1544_0-1694523790391.png

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-12-2023 06:48 AM

There doesn't appear to be anything wrong with your search - perhaps it is your data. Please share some actual rows from your csv.

0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...