Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Scatter Plot of some data

wweiland
Contributor
‎10-04-2013 06:39 AM

I'm new to Splunk and trying to create graphs on some information that I'm collecting. I have lots of jobs that run everyday and provide the data below after they run. I would like to create a scatter point graph that is a timechart of resources_used.ncpus for a 24H period. I would also like to create a scatter point graph of resources_used.ncpus and resources_used.walltime.

10/04/2013 08:29:20;0010;somehost;Job;131091.somehost;Exit_status=0 resources_used.cpupercent=93 resources_used.cput=00:01:42 resources_used.mem=7284kb resources_used.ncpus=33 resources_used.vmem=57556kb resources_used.walltime=00:34:41

Can someone point me in the right direction? I can't figure out how to get the datapoints into the graph.

Thank you in advance.
Todd

0 Karma
Reply

Simon_Fishel
Splunk Employee
Splunk Employee
‎10-10-2013 09:24 AM

For your timechart, this should do the trick, you can control the time range using the time range picker in the UI:

index=yourindex sourcetype=yoursourcetype ... | timechart avg(resources_used.ncpus) as "resources_used.ncpus"

For the scatter chart, try this:

index=yourindex sourcetype=yoursourcetype ... | table resources_used.ncpus resources_used.walltime

Reply

wweiland
Contributor
‎10-11-2013 05:09 PM

I think I understand. Thank you again.

0 Karma
Reply

SanthoshSreshta
Contributor
‎05-12-2015 05:15 AM

Is there possibility to change the shape of scatter plot. I am getting rectangle , i need bubble .
Is there possibility to change the size of rectangle in graph.

0 Karma
Reply

wweiland
Contributor
‎10-09-2013 12:30 PM

Any other suggestions?

0 Karma
Reply

somesoni2
Revered Legend
‎10-06-2013 07:33 AM

Try below search

index=yourindex sourcetype=yoursourcetype...| timechart span=1d max(resources_used.ncpus) as "resources_used.ncpus"

If you are using a dashboard, select the chart type as scatter.

Reply

wweiland
Contributor
‎10-06-2013 04:59 PM

The scatter option is greyed out. I can't seem to format the output in a way that scatter can be used.

0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...