Solved: Re: Values in bar chart varying

Devi13 · ‎07-11-2023

Hello Team,

I have a bar graph representing data,

When I keep the timechart span=15m and run the search for 1h

The value for the last 15 mins is showing high and after sometime if I run the same search the value is showing normal.

Is it an expected behaviour and why is it happening like this.

How to fix this, any help is appreciated.

Eg

9:00 - 9:15 30

9:15 - 9:30 36

9:30 - 9:45 45

9:45 - 10:00 180

After sometime

9:45 - 10:00 49

gcusello · ‎07-11-2023

Hi @Devi13,

did you added some other filter in your search?

are the other values the same?

Ciao.

Giuseppe

View solution in original post

Devi13 · ‎07-11-2023

Hello @gcusello ,

index=* host=* OR host=* source="*" "xxxx"
| dedup AA
| timechart span=1d count by host

But when I check tomorrow, the values are going down..

gcusello · ‎07-11-2023

Hi @Devi13,

what does it happen if you don't use dedup, there's the same behaviour?

ciao.

Giuseppe

Devi13 · ‎07-12-2023

Hello @gcusello ,

We are good now, seems there was glitch in fetching the logs.

Thank you for your assistance.

gcusello · ‎07-12-2023

Hi @Devi13 ,

good for you, see next time!

let me know if I can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

gcusello · ‎07-11-2023

Hi @Devi13,

could you share your search?

ciao.

Giuseppe

Devi13 · ‎07-11-2023

Hello @gcusello ,

I am trying to get to know about splunk, I have a simple search,

index=abc host=abc source=abc
"xxx/*"
| timechart span=15m count by host

gcusello · ‎07-11-2023

Hi @Devi13,

did you added some other filter in your search?

are the other values the same?

Ciao.

Giuseppe

Values in bar chart varying

chart

timechart

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability

Introducing the Splunk Community Dashboard Challenge!