Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Plotting a graph to show values increasing over time

rdb_splunk
Explorer
‎02-12-2013 08:55 AM

HI there,

I was hoping someone may have some advice on how to plot a graph for the following trend,

I am trying to figure out, how to graph the value increase and decrease for the instances of Media files count: 634144. e.g. you will see below that the count, changes over time. I want to do a time chart portraying these values, changing over time, against the source types, these entries belong to. Thanks for any ideas?

2013.02.10 20:56:46:199 INFO avidmi 2608 nycoewg01mi02 CACHE SAVED. Media files count: 634144. Unique media files count: 625887. Duplicated media files count:8257 215

2013.02.11 12:56:48:192 INFO avidmi 2608 nycoewg01mi02 CACHE SAVED. Media files count: 629238. Unique media files count: 621189. Duplicated media files count:8049 215

     2013.02.11 14:56:48:392    INFO    avidmi  2608    nycoewg01mi02   CACHE SAVED. Media files count: 632638. Unique media files count: 624586. Duplicated media files count:8052       215
Tags (1)
Reply

rdb_splunk
Explorer
‎02-20-2013 06:29 PM

thanks - that worked perfectly - I am using it all the time now....

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎02-21-2013 09:22 AM

You are welcome.
For other splunk magic functions, take a look at the cheat sheet http://www.innovato.com/splunk/

also if you do not mind, please accept the previous answer with the transparent check mark on the left side.

0 Karma
Reply

rdb_splunk
Explorer
‎02-13-2013 02:06 PM

Excellent - thanks very much. Just what i needed.

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎02-12-2013 09:43 AM

Extract the value in a field, using rex or an automatic field extraction.
beware the "Media" caps is important, because you have almost he same 2 times.

... |rex "Media files count: (?<media_files_count>\d+)" | table _time media_files_count sourcetype

then use it for a timechart

... |rex "Media files count: (?<media_files_count>\d+)" | timechart span=5m avg(media_files_count) by sourcetype

Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...