Solved: additional info on timechart

indeed_2000 · ‎11-22-2021

Hi

I need to show id1,id2 on timechart

have table with these columns:

index="myindex" | table duration servername id1 id2

duration Time servername id1 id2
2.643000 2021-22-11 18:30:45 Server1 111 32
2.009000 2021-22-11 18:30:45 Server2 321 72

need to create timechart that show durations by servernames and additional column data id1, id2

Any idea?
Thanks

ITWhisperer · ‎11-22-2021

This is not possible with the standard timechart because you have too many dimensions, time, servername, duration, id1 and id2. You can do it with 3 dimensions e.g. time, servername and one of duration, id1, id2

| xyseries Time servername duration

View solution in original post

ITWhisperer · ‎11-22-2021

This is not possible with the standard timechart because you have too many dimensions, time, servername, duration, id1 and id2. You can do it with 3 dimensions e.g. time, servername and one of duration, id1, id2

| xyseries Time servername duration

additional info on timechart

chart

fields

join

rex

stats

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?