You could win up to $50,000 building Splunk apps in the Splunk>Apptitude contest. Learn more »
is it possible to plot earliest and latest value of field values. or at least earliest time in x axis and field values in y axis.
I have tried chart command as mentioned below
index=main source=sourcefilename.txt |chart earliest(PC_time) over field_PC
field_PC are extracted fields and
field_PC have nearly 26 values.
PC_time is the time of the events occured. i am getting a table when i am using the search command
index=main source=sourcefilename.txt" | stats earliest(PC_time) AS startingtime,latest(PC_time) AS Endingtime by field_PC
with 3 columns
earliest(PC_time) and ,
latest(PC_time), but with the first command I am getting chart plotted
field_PC values in X axis but Y axis values are not related to my search result. how to debug the issue?
please help me to solve this issue
thanks in advance
Latest + add 1 hour 5 Answers
Latest value to be at midnight yesterday 2 Answers