Solved: help on basic questions in a timechart

jip31 · ‎07-16-2019

hi

I use the search below in order to display a timechart

[| inputlookup host.csv 
    | table host] `CPU` earliest=-3mon latest=now
| bucket _time span=3m 
| where process_cpu_used_percent>80 
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE 
| timechart avg(process_cpu_used_percent) as process_cpu_used_percent by host

I have 2 questions
1) As you can see, I display the host on the ordinate axis but I have an host called "Other" which correspond to nothing
Is there a solution to delete this one?
2) I need to do a sort on process_cpu_used_percent in order to display the host where process_cpu_used_percent is higher
Where I have to place the sort command please??
Thanks

adonio · ‎07-16-2019

timechart defaults to 10 values
use limit=0 useother=false in your timechart command to avoid the OTHER and to show all split by

View solution in original post

adonio · ‎07-16-2019

timechart defaults to 10 values
use limit=0 useother=false in your timechart command to avoid the OTHER and to show all split by

help on basic questions in a timechart

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

help on basic questions in a timechart

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...