Hi Splunkers,
I have the below tables generates from the below queries and i'm looking for a consolidated multi-series view of both the tables into one panel with column chart visualisation
Query : 1
index=abc TYPE="Run bot*"|transaction BOT_NAME startswith=(TYPE="deployed") endswith=(TYPE="finished")
|eval min=round((duration/60),2)|eval BOT_RUN_TIME_MINS=round(min,2)|eval BOT_Run_Completed_Timestamp=strftime(_time, "%Y-%m-%dT%H:%M:%S")|eval BOT_RUN_TIME_MINS=round(BOT_RUN_TIME_MINS) | timechart span=1d avg(BOT_RUN_TIME_MINS) as Average_Run_Time by BOT_NAME|
Table :1
| _time | bot1 | bot2 | bot3 | bot4 |
| 2021-03-09 | | 5 | 123 | 26.5 |
| 2021-03-10 | 48 | 5 | 93 | 29.5 |
| 2021-03-11 | | 5 | 108 | 21 |
| 2021-03-12 | | 9 | 116 | 33 |
| 2021-03-13 | | | | |
| 2021-03-14 | | | | |
| 2021-03-15 | | 3.75 | 160 | 68.5 |
Query 2 :
index=abc TYPE="Run bot*"|transaction BOT_NAME startswith=(TYPE="Deployed") endswith=(TYPE="finished")
|eval min=round((duration/60),2)|eval BOT_RUN_TIME_MINS=round(min,2)|eval BOT_Run_Completed_Timestamp=strftime(_time, "%Y-%m-%dT%H:%M:%S")|eval BOT_RUN_TIME_MINS=round(BOT_RUN_TIME_MINS) | timechart span=1d count by DEVICE
Table 2:
| _time | deviceA | deviceB | deviceC | deviceD |
| 2021-03-09 | 8 | 1 | 3 | 1 |
| 2021-03-10 | 12 | 1 | 5 | 0 |
| 2021-03-11 | 11 | 0 | 6 | 0 |
| 2021-03-12 | 11 | 0 | 8 | 0 |
| 2021-03-13 | 5 | 0 | 1 | 0 |
| 2021-03-14 | 5 | 0 | 2 | 0 |
| 2021-03-15 | 12 | 0 | 5 | 0 |
| 2021-03-16 | 4 | 0 | 3 | 0 |
I want both bot info and device which it has run in the same multi series chart.
Please help me on this.Thanks in advance.Let me know for any other details.
