Solved: Visualization for data with large difference in va...

GenericSplunkUs · ‎07-24-2017

I can't seem to find the right terms to search to find my answer so I'm hoping someone here can help me.

I'm looking for a clean way to do the timechart command when your field values could be 5 or 500,000. With such a large difference it makes plotting them on a map useless for the smaller numbered results. I would do this to a table, but it's nice to have the timechart command show the usage over time and make it a good visual reference.

If you have another way to do this, or another command I should use that would be great.

Thanks,

DalJeanis · ‎07-24-2017

Go ahead and use timechart. Change the visualization format for the Y axis to log.

View solution in original post

DalJeanis · ‎07-24-2017

Go ahead and use timechart. Change the visualization format for the Y axis to log.

GenericSplunkUs · ‎07-25-2017

Thank you, this is exactly what I wanted. I knew it had to be a simple option i just couldn't find.

DalJeanis · ‎07-25-2017

Yw. @GenericSplunkUser - if your question has been answered, then please accept the answer so the question will show as solved.

GenericSplunkUs · ‎07-25-2017

I thought i had done that, Thanks for the reminder.

Visualization for data with large difference in values.

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation