Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

get the values in each line

secure
Path Finder
‎12-19-2024 06:37 AM

Hi i have a below query where I'm calculating the total prod server count in first dataset and in second dataset I'm plottting a timechart for the server count. what i want to display is a line chart with total prod server showing as threshold and line and the below line chart as server count

index=data sourcetype="server"
| rex field=_raw "server=\"(?<EVENT_CODE>[^\"]*)"
| search [ | inputlookup prodata_eventcode.csv | fields EVENT_Code ]
| stats dc(host_name) as server_prod_count
|rename
| append
[
| search index=appdata source=appdata_value
| rex field=value "\|(?<Item>[^\|]+)?\|(?<EVENT_CODE>[^\|]+)|(?<PROD_Count>[^\|]+)?"
| dedup DATE,EVENT_CODE
| timechart span=1d sum(PROD_Count) as SERVER_COUNT]
| table _time,local_PROD_COUNT,snow_prod_count
| rename DYNA_PROD_COUNT as SERVER_COUNT,snow_prod_count as Threshold

Question is how can  i get the threshold value in all the rows so that i can plot threshold vs server count in the line graph 

Below is the snapshot 

secure_0-1734618949170.png

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎12-19-2024 07:08 AM

From where you are, you could simply do something like this

| filldown Threshold

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎12-19-2024 07:08 AM

From where you are, you could simply do something like this

| filldown Threshold
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...