Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

reverse axes

jbrenner
Path Finder
‎04-24-2018 08:21 AM

I have a Splunk query that returns the duration of each service call, and I want to plot each value on the y-axis, and a time-stamp on the x-axis.

The last part of the query is a rex command parsing out DURATION

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎04-24-2018 09:19 PM

The simplest way is to use the transpose command.

0 Karma
Reply

DalJeanis
Legend
‎04-24-2018 07:23 PM

1) One simple way to do this is to use a scatter plot, with _time along the bottom and a decimal calculated minutes or seconds as your vertical axis. This gives TIME as your more important factor, and shows events that are nearly simultaneous as such.

2) Another way is to flip your axes so that the _time is vertical with oldest at the top, and the bars go to the right for duration. This makes each event equal in importance, so that time (vertically) expands or compresses so that one vertical line is one event, no matter how many happened in one moment.

It all depends on your expected data and what you plan to be doing with the results.

0 Karma
Reply

somesoni2
Revered Legend
‎04-24-2018 08:29 AM

You should be able to do that as long as you're keeping duration (y-axis value) numeric (can't plot strings). If you can share you current query, we can suggest the necessary changes for charting the data.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Splunk Observability Metrics Cost Optimization

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...