Solved: show fields with no values in a timechart

royimad · ‎09-25-2013

Hello Expert,

I'm showing a multilines graph using this search:

sourcetype="mysource" thefield="x" or thefield="y" or thefield="z" | timechart span=1d count by thefield

The graph is showing 2 lines one for x and one for y because there are no values that is equal to "z".

I need to show 3 lines x,y,z on the graph and consider z as zero.
How to do that?

royimad · ‎11-20-2013

Try usenull and useother

sourcetype="mysource" thefield="x" or thefield="y" or thefield="z" | timechart span=1d count by thefield usenull=f useother=f

royimad · ‎11-20-2013

Try usenull and useother

sourcetype="mysource" thefield="x" or thefield="y" or thefield="z" | timechart span=1d count by thefield usenull=f useother=f

kasu_praveen · ‎04-07-2016

Is this really working? It didn't work for me.

show fields with no values in a timechart