Solved: help on basic questions in a timechart

jip31 · ‎07-16-2019

hi

I use the search below in order to display a timechart

[| inputlookup host.csv 
    | table host] `CPU` earliest=-3mon latest=now
| bucket _time span=3m 
| where process_cpu_used_percent>80 
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE 
| timechart avg(process_cpu_used_percent) as process_cpu_used_percent by host

I have 2 questions
1) As you can see, I display the host on the ordinate axis but I have an host called "Other" which correspond to nothing
Is there a solution to delete this one?
2) I need to do a sort on process_cpu_used_percent in order to display the host where process_cpu_used_percent is higher
Where I have to place the sort command please??
Thanks

adonio · ‎07-16-2019

timechart defaults to 10 values
use limit=0 useother=false in your timechart command to avoid the OTHER and to show all split by

View solution in original post

adonio · ‎07-16-2019

timechart defaults to 10 values
use limit=0 useother=false in your timechart command to avoid the OTHER and to show all split by

help on basic questions in a timechart

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform