Solved: help on basic questions in a timechart

jip31 · ‎07-16-2019

hi

I use the search below in order to display a timechart

[| inputlookup host.csv 
    | table host] `CPU` earliest=-3mon latest=now
| bucket _time span=3m 
| where process_cpu_used_percent>80 
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE 
| timechart avg(process_cpu_used_percent) as process_cpu_used_percent by host

I have 2 questions
1) As you can see, I display the host on the ordinate axis but I have an host called "Other" which correspond to nothing
Is there a solution to delete this one?
2) I need to do a sort on process_cpu_used_percent in order to display the host where process_cpu_used_percent is higher
Where I have to place the sort command please??
Thanks

adonio · ‎07-16-2019

timechart defaults to 10 values
use limit=0 useother=false in your timechart command to avoid the OTHER and to show all split by

View solution in original post

adonio · ‎07-16-2019

timechart defaults to 10 values
use limit=0 useother=false in your timechart command to avoid the OTHER and to show all split by

help on basic questions in a timechart

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Join the Conversation

help on basic questions in a timechart

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience