I am having trouble getting my head around the search required to graph multiple values from the same log event. It seems to be easy enough to graph one value - "timechart sum(field4)" or one value against another - "timechart sum(field4) by field2", but any more I can't work out.
I have a csv report that contains a bunch of statistics. I have built a search which extracts into named fields. I want to create a (timechart) stacked line graph that takes field4 ("ordertype1", 138 in the first line below), field5 ("ordertype2", 86) and field6 ("ordertype3", 0) and plots them over time with ordertype1/2/3 in the legend. The goal is to have a stacked line graph that stacks up to a total orders value, showing the different types of orders that made up this total.
I hope I havent made that question too confusing. Please ask if you would like me to explain it again.
Sample log:
15-MAR-2010 09:09,WEB,OS,138,86,0,224,47,29,168,23,14,83,24,14,140,15-MAR-10,15-MAR-10,15-MAR-10
15-MAR-2010 09:10,WEB,OS,132,78,0,210,53,29,590,28,14,574,25,14,151,15-MAR-10,15-MAR-10,15-MAR-10
15-MAR-2010 09:11,WEB,OS,132,55,0,187,48,30,288,24,15,148,48,14,4597,15-MAR-10,15-MAR-10,15-MAR-10
... View more