Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

chart with multiple scales?

Justin_Grant
Contributor
‎05-25-2010 04:47 PM

Can Splunk show (and if so, how?) different scales for each line in a line graph while auto-computing the correct scale for each (meaning the lines will auto-size their height based on the max value for each metric)?

more details: in a security-related view, I'd like to chart attempted logins/day and failed logins/day on the same line graph. But attempted logins will (hopefully!) outnumber failed logins by 100x or more. So I'd like to use different scales for each metric.

Tags (2)
Reply

sxp5686
Explorer
‎12-27-2017 11:40 PM

Can Anyone tell how we can get below graalt textgh using splunk.

,Can anyone tell how to get below graph using splunk.alt text

Preview file
20 KB
Preview file
20 KB
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-28-2017 05:45 AM

@sxp5686, You're asking a new question in a thread that is more than 7 years old. For better chances at getting help, please post a new question.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

breischl
Engager
‎10-09-2014 10:17 AM

I found that you can do this, at least in v6.1.
In the visualization editor...

  1. Select the "Chart Overlay" tab
  2. type in your alternate series (ie, the one to put on the right side y-axis) in the first field
  3. Set "View as Axis" to true
  4. Select a reasonable scale

That should do it.

Reply

Jason
Motivator
‎06-23-2010 03:12 PM

I am at a client that is requesting this functionality as well. They want to be able to plot the number of sessions opened (in the thousands) and the percentage of memory used on the same graph to show correlation.

Is this possible?

Reply

Justin_Grant
Contributor
‎06-24-2010 03:32 AM

looking at the other answers, it looks like (so far at least) no one has figured out how to do this.

0 Karma
Reply

Yancy
Path Finder
‎06-14-2010 09:31 PM

Have you tried applying a log scale to the graph? Seems like a good use case for graphing counts that are in the 10x or 100x difference.

I was hopeful that the Multiseries 'split' chart type would do this, but each of the series adhere to the same scale.

I also think this could be good seperated into two stacked graphs measuring the same time period. You would need to make a view that incorporated separate searches into it.

Reply

rotten
Communicator
‎05-25-2010 08:30 PM

If you are more interested in relative trends than actual counts you could try normalizing the data. It might be as simple as "| timechart loginCount/max(loginCount) failedCount/max(failedCount)"

That would give you a peak value of "1" for both (when you are the max for your search interval).

Multiple scale graphs are generally considered poor visualizations and should be avoided.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...