Hi
I have two results like this:
REQ
Name count
Node1.Node2 100
Node3.Node4 500
RSP
Name count
Node2.Node1 60
Node4.Node3 400
How can I compare them on a timechart?
e.g.
Put them on a timechart so I can see that Node2 receives 100 REQ but responds to 60 of them.
I need to put them all on a timechart.
Any idea?
Thanks,
You need some time element to be able to use a timechart.
It depends on what you are trying to achieve and how you want to display the result.
For example, you could convert all the RSP to negative counts so they show below the x-axis while the REC appear above the line.
You could reverse the nodes in the name so that REC-RSP counts show the number of non-responses.
1 - I have a time field, and am able to show the count of them by time.
2 - I just need to compare them on a timechart. E.g. the main chart shows REC and an overlay chart shows RSP on top of it.
Would you please tell me the SPL commands for the examples that you mentioned?
Thanks
What searches are you currently using?
What do your events look like?
This isn't a timechart, it is a sankey diagram, what does this have to do with your original question?
Do you have any idea about the timechart?
Thanks
Do you want the total REC and total RSP per hour? Or something else?
You are right, I was just thinking about another way to compare them with a sankey diagram.
create another post for it.
rex to combine result - Splunk Community
Here are the events:
REQ
2022-01-29 13:59:46,928 INFO CUS.AbCD-Servive1-00000 [AppListener] Receive Packet[000*]: From[Node1.Node2]
RSP
2022-01-29 13:59:47,013 INFO CUS.AbCD-Servive1-00000_CUS.AbCD-Service2-111111 [AppNodeManager] Send Packet [000*] to [Node2.Node1]
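
The pairing logic discussed in this thread (swap the node order of each RSP so it lines up with its REQ, then count both per hour), as an added example that is not from any participant and is written in Python rather than SPL. It goes slightly beyond the thread by also computing REQ minus RSP per bucket. The function names and the sample events are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Patterns follow the two event shapes quoted in the thread; the packet id in
# [...] is treated as opaque. Function and variable names are hypothetical.
REQ_RE = re.compile(r"Receive Packet\s*\[[^\]]*\]: From\[([^.\]]+)\.([^\]]+)\]")
RSP_RE = re.compile(r"Send Packet\s*\[[^\]]*\] to \[([^.\]]+)\.([^\]]+)\]")

# Constructed sample events (not from the thread). The last pair straddles an
# hour boundary, so its REQ and RSP fall into different buckets.
SAMPLE = """\
2022-01-29 13:10:00,100 INFO CUS.App-1 [AppListener] Receive Packet[0001]: From[Node1.Node2]
2022-01-29 13:10:00,250 INFO CUS.App-1 [AppNodeManager] Send Packet [0001] to [Node2.Node1]
2022-01-29 13:20:00,100 INFO CUS.App-1 [AppListener] Receive Packet[0002]: From[Node1.Node2]
2022-01-29 13:59:59,900 INFO CUS.App-1 [AppListener] Receive Packet[0003]: From[Node3.Node4]
2022-01-29 14:00:00,050 INFO CUS.App-1 [AppNodeManager] Send Packet [0003] to [Node4.Node3]
2022-01-29 14:05:00,000 INFO CUS.App-1 [Other] heartbeat
""".splitlines()


def classify(line):
    """Return (hour_bucket, pair, kind), or None for lines that do not match."""
    m, kind = REQ_RE.search(line), "REQ"
    if not m:
        m, kind = RSP_RE.search(line), "RSP"
    if not m:
        return None
    try:
        ts = datetime.strptime(line[:23], "%Y-%m-%d %H:%M:%S,%f")
    except ValueError:
        return None
    first, second = m.groups()
    # A response names the pair in the opposite order; swap it back to the
    # request's orientation so both land in the same series.
    pair = f"{first}.{second}" if kind == "REQ" else f"{second}.{first}"
    return ts.replace(minute=0, second=0, microsecond=0), pair, kind


def timechart(lines):
    """Rows of (hour, pair, REQ, RSP, REQ - RSP), sorted by hour then pair."""
    counts = Counter(hit for hit in map(classify, lines) if hit)
    keys = sorted({(hour, pair) for hour, pair, _ in counts})
    return [(h, p, counts[h, p, "REQ"], counts[h, p, "RSP"],
             counts[h, p, "REQ"] - counts[h, p, "RSP"]) for h, p in keys]


if __name__ == "__main__":
    print(*timechart(SAMPLE), sep="\n")
```

A negative difference in a bucket means a response was logged in a later hour than its request, so read adjacent buckets together before treating a positive difference as unanswered traffic.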