how copmare two table values in one visualisation ...

unsmoker · ‎08-02-2017

I have 2 tables with energy spent values by month of years, one for 2015 other for 2016. Can I put two table values in one table chart visualisation table?

DalJeanis · ‎08-03-2017

Yes, you can append them together ...

| inputcsv myfirstfile.csv | inputcsv append=t mysecondfile.csv

... here's a way to simulate those results ...

| makeresults count=24 | streamstats count as monthno  
| eval _time=relative_time(_time,"-3y@y-1mon+".monthno."mon@mon") 
| eval usage=100*(50+ random()%50+random()%50)
| rename COMMENT as "The above just makes 24 months of data"

...and then either ...

1) make a 1-year graph with two series, one for each year...

| eval Year = strftime(_time,"%Y") 
| eval Month = strftime(_time,"%m %b") 
| eval _time = if(Year="2014", relative_time(_time,"+1y"),_time)
| chart sum(usage) over Month by Year

... or ...

2) make a single 2-year graph ...

| timechart sum(usage) by Year
| where _time=86400*floor(_time/86400)

The last part is to get rid of some garbage records that timechart has been adding onto the end lately

how copmare two table values in one visualisation charts?

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Are you a member of the Splunk Community?

how copmare two table values in one visualisation charts?

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I