Solved: help on basic questions in a timechart

jip31 · ‎07-16-2019

hi

I use the search below in order to display a timechart

[| inputlookup host.csv 
    | table host] `CPU` earliest=-3mon latest=now
| bucket _time span=3m 
| where process_cpu_used_percent>80 
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE 
| timechart avg(process_cpu_used_percent) as process_cpu_used_percent by host

I have 2 questions
1) As you can see, I display the host on the ordinate axis but I have an host called "Other" which correspond to nothing
Is there a solution to delete this one?
2) I need to do a sort on process_cpu_used_percent in order to display the host where process_cpu_used_percent is higher
Where I have to place the sort command please??
Thanks

adonio · ‎07-16-2019

timechart defaults to 10 values
use limit=0 useother=false in your timechart command to avoid the OTHER and to show all split by

View solution in original post

adonio · ‎07-16-2019

timechart defaults to 10 values
use limit=0 useother=false in your timechart command to avoid the OTHER and to show all split by

help on basic questions in a timechart

Shape the Future of Splunk: Join the Product Research Lab!

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Are you a member of the Splunk Community?

help on basic questions in a timechart

Shape the Future of Splunk: Join the Product Research Lab!

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions