Re: error in timechart graph

ayushmaan · ‎07-25-2019

Hi all,
We are having trouble regarding a query in which we need to display multiple metric_labels of a host in a single timechart. the query is as follows:

index="xyz"  source_host="host1" OR "host2" metric_label="metric_label1" OR "metric_label2"  OR "metric_label3 " OR "metric_label4" |dedup source_host _time | append [ search  index="abc" source="source.csv" ]  | timechart span=12h count(metric_value) as metric_value  count(number) as "No of tickets"

We need to pull the result of two searches in a single timechart. Urgently required inputs from you guys. Thanks a lot!

woodcock · ‎07-28-2019

Try again. Post sample events and a mockup of your desired output. There is no possible way that we can help you with how little you have given us.

jawaharas · ‎07-26-2019

This question needs clarification. Can you provide the expected output and also the error you are facing with current query?

First line of the SPL should be as below-
index="xyz" (source_host="host1" OR source_host="host2") (metric_label="metric_label1" OR metric_label="metric_label2" OR metric_label="metric_label3 " OR metric_label="metric_label4")

error in timechart graph

Your Guide to Splunk Digital Experience Monitoring

Data Management Digest – November 2025

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join the Conversation

error in timechart graph

Your Guide to Splunk Digital Experience Monitoring

Data Management Digest – November 2025

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA