Solved: additional info on timechart

indeed_2000 · ‎11-22-2021

Hi

I need to show id1,id2 on timechart

have table with these columns:

index="myindex" | table duration servername id1 id2

duration Time servername id1 id2
2.643000 2021-22-11 18:30:45 Server1 111 32
2.009000 2021-22-11 18:30:45 Server2 321 72

need to create timechart that show durations by servernames and additional column data id1, id2

Any idea?
Thanks

ITWhisperer · ‎11-22-2021

This is not possible with the standard timechart because you have too many dimensions, time, servername, duration, id1 and id2. You can do it with 3 dimensions e.g. time, servername and one of duration, id1, id2

| xyseries Time servername duration

View solution in original post

ITWhisperer · ‎11-22-2021

This is not possible with the standard timechart because you have too many dimensions, time, servername, duration, id1 and id2. You can do it with 3 dimensions e.g. time, servername and one of duration, id1, id2

| xyseries Time servername duration

additional info on timechart

chart

fields

join

rex

stats

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation

additional info on timechart

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.