Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

chart graph help

surekhasplunk
Communicator
‎11-26-2020 07:35 PM

Hello,

I have data in a lookup file which i am appending everyday instead of indexing. 

Time Device Infra Average Tool1 Tool2
11/26/2020 03:56 6223 95 88.41 95.69
11/27/2020 03:56 6220 94 88.39 95.74

And in the lookup file i have data in above format. 

What is the best way to show in a graph/chart the evolution of each field by Time 

Thanks

Labels (2)
Labels
Tags (3)
0 Karma
Reply

to4kawa
Ultra Champion
‎11-27-2020 05:08 AM 
index=_internal | head 1 | fields _raw | eval _raw="Time Device Infra Average Tool1 Tool2
11/26/2020 03:56 6223 95 88.41 95.69
11/27/2020 03:56 6220 94 88.39 95.74"
| multikv 
| eval _time=strptime(Time." ".Device,"%m/%d/%Y %H:%M")
| table _time Infra Average Tool1 Tool2

>What is the best way to show in a graph/chart the evolution of each field by Time 
The data doesn't explain anything about the meaning of.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-26-2020 11:59 PM

What are you trying to achieve? Why are you collecting the data? What insights do you hope to get from your charts/graphs? How does your data change over time? Answer some of these questions and it would easier to help you.

0 Karma
Reply

surekhasplunk
Communicator
‎11-27-2020 01:02 AM

What are you trying to achieve?  to see the trend of the numbers changing each day

Why are you collecting the data? to see the percentage of devices monitored in some of our tools. And work on the missing ones. 

What insights do you hope to get from your charts/graphs? How does your data change over time?

every day/ every week once i am planning to append the csv file . from the chart/graph i need to show the change of numbers over time 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-27-2020 03:55 AM

Have you loaded the file (inputlookup)? Use fields to list the fields you are interested in starting with the time field so it becomes the x-axis, then select the line graph visualisation

0 Karma
Reply

surekhasplunk
Communicator
‎11-27-2020 05:36 AM

Yes i did load the lookup file. 

Use fields to list the fields you are interested in starting with the time field so it becomes the x-axis, then select the line graph visualisation

(Here i wanted the query if can can help me with the exact query it will be helpful. )

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-27-2020 05:49 AM

What have you tried so far?

0 Karma
Reply
Get Updates on the Splunk Community!

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...