Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

plot a graph

srinathd
Contributor
‎10-24-2013 02:40 AM

Hi,

For the following search results i need to ploa a graph with starttime in y-axis and Host in x-axis. How to do this?

Host starttime

Test1 10/24/13 01:44:50
Test2 10/24/13 01:44:47
Test3 10/24/13 01:44:47
Test4 10/24/13 01:45:07

Thanks,
Srinath

Tags (1)
0 Karma
Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎10-24-2013 04:29 AM

Depends on what kind of graph. Normally when you graph things, you have a value associated with the data. I would do something like this.

your_search | eval Present = if(isnotnull(starttime),1,0)| timechart span=15m max(Present) by host

So, this is saying if your field "starttime" is not null, it will graph a value of 1. So for any events not having a starttime field, it won't show on the graph, thereby plotting values for distinct hosts. Time will be on the X axis, 1 will be on the Y axis, and the column will be for the host.

Reply

srinathd
Contributor
‎10-30-2013 11:15 PM

|bin span=15m _time | chart starttime over host by _time.. this is not working as it is asking (val) to be used in chart command. and in the first results we are getting _time on x-axis and on y-axis 0.25 to 1.25 as range and (host,starttime) as data values. what i am trying to get is host on x-axis and last 24 hrs time range(or starting time of starttime and endtime of starttime as range) and starttime values as data points

0 Karma
Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎10-29-2013 05:40 AM

how about the output of when you ran the chart search above? or the results of the first search?

0 Karma
Reply

srinathd
Contributor
‎10-29-2013 05:18 AM

i have given all the details.. x-axis values,y-axis values and data values to be plot. just please let me know what data do you need..i will try to give you.

0 Karma
Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎10-29-2013 04:49 AM

We merely strive to give you examples and possible solutions, you may need to play with the search and functions to get exactly what you want. The more data you give us (not just "what you wrote doesn't work"), the better we can help you.

0 Karma
Reply

srinathd
Contributor
‎10-29-2013 04:29 AM

it is also not working as expected..Is there any other way to achieve this?

Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎10-25-2013 04:38 AM

you could try: |bin span=15m _time | chart starttime over host by _time

0 Karma
Reply

srinathd
Contributor
‎10-24-2013 06:51 PM

what exactly i need is..on y-axis last 24 hrs time range and on x-axis Host name, and the starttime values should be plotted against this.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top