Solved: Re: help on basic questions in a timechart

jip31 · ‎07-16-2019

hi

I use the search below in order to display a timechart

[| inputlookup host.csv 
    | table host] `CPU` earliest=-3mon latest=now
| bucket _time span=3m 
| where process_cpu_used_percent>80 
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE 
| timechart avg(process_cpu_used_percent) as process_cpu_used_percent by host

I have 2 questions
1) As you can see, I display the host on the ordinate axis but I have an host called "Other" which correspond to nothing
Is there a solution to delete this one?
2) I need to do a sort on process_cpu_used_percent in order to display the host where process_cpu_used_percent is higher
Where I have to place the sort command please??
Thanks

adonio · ‎07-16-2019

timechart defaults to 10 values
use limit=0 useother=false in your timechart command to avoid the OTHER and to show all split by

View solution in original post

adonio · ‎07-16-2019

timechart defaults to 10 values
use limit=0 useother=false in your timechart command to avoid the OTHER and to show all split by

help on basic questions in a timechart

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

help on basic questions in a timechart

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem