×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
dwestbrook
Engager
Member since: ‎12-04-2014
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎12-04-2014
Activity Feed
View All

Re: How to chart when using multiple matches

by in Splunk Search
‎12-04-2014 01:10 PM
‎12-04-2014 01:10 PM
@aweitzman - your comment helped. Basically, I had to extract [2s,189] [5s,23] [10s,13] [20s,3] [30s,0] and then use makemv to get the charting to behave as I needed. Before, I was simply doing multiple matches from a single rex. Post that as an answer instead of a comment and I'll accept your answer. ... View more

How to chart when using multiple matches

by in Splunk Search
‎12-04-2014 11:48 AM
1 Karma
‎12-04-2014 11:48 AM
1 Karma
I have a search which matches multiple values and produces two events as a list. I'd like to basically make it so that the values in eventA are the X axis, the values in eventB are the Y axis, and as more events are found they sum on eventB, grouped by their values in eventA. I basically have rows in my log which look like: timestamp some text some text: [2s,189] [5s,23] [10s,13] [20s,3] [30s,0] This is an example of the events my search is finding: desiredBucket: 2s 5s 10s 20s 30s desiredValue: 189 23 13 3 0 I can't get this to chart with the following X, Y pairings: [2s, 189] [5s, 23] [10s, 13] [20s, 3] [30s, 0] But instead, I'm getting things like this: [2s, 228] [5s, 228] [10s, 228] [20s, 228] [30s, 228] when I try to chart using chart sum(desiredValue) by desiredBucket I understand why this is happening but I can't seem to find a way to get Splunk to identify my desired associations. Help? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to
View All