About spamphile

spamphile · ‎06-09-2020

I'm trying to create a visualization of web service activity. I thought the timeline would be a good representation of when services are up and down. Unfortunately, the logs I have to work with ping services every 15 minutes. So every 15 minutes, there's a log that states: <serviceName> is up: true OR <serviceName> is up:false I was able to implement this query and get something back (last 60 minutes): index=application_activity up | transaction startswith="*true" endswith="*false" by service | table _time service duration But of course because of the 15 minute time interval, it has huge gaps. How can I have these gaps filled in as long it as true the service is up, and only have gaps show when it is false? I'm also open to another recommendation for a visualization.

spamphile · ‎06-05-2019

Thanks so much

spamphile · ‎06-04-2019

I'm trying to display a pie chart like so: chart count by transaction.inputSource | lookup transaction_input_sources code AS transaction.inputSource OUTPUT transaction_input_source AS transaction.inputSource There are only 5 input sources I really care about in the pie chart. The other input sources I would like to combine and just show as one "Other" slice. In my lookup table, I've named the input sources I don't care about as "Other". But now when the chart renders, it shows each of those values as its own slice: How do I combine these values as one slice in the pie chart? Any help is greatly appreciated. Thanks!

Posts	3
Solutions	0
Karma Given	5
Karma Received	0
Member Since	‎06-04-2019

Online Status	Offline
Date Last Visited	‎06-17-2020 12:42 PM

How to "fill in" transaction gaps in timeline

How to combine a set of values as 'Other' in a pie...

How to "fill in" transaction gaps in timeline

Re: How to combine a set of values as 'Other' in a...

How to combine a set of values as 'Other' in a pie...