Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

plot a graph

srinathd
Contributor
‎10-24-2013 02:40 AM

Hi,

For the following search results i need to ploa a graph with starttime in y-axis and Host in x-axis. How to do this?

Host starttime

Test1 10/24/13 01:44:50
Test2 10/24/13 01:44:47
Test3 10/24/13 01:44:47
Test4 10/24/13 01:45:07

Thanks,
Srinath

Tags (1)
0 Karma
Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎10-24-2013 04:29 AM

Depends on what kind of graph. Normally when you graph things, you have a value associated with the data. I would do something like this.

your_search | eval Present = if(isnotnull(starttime),1,0)| timechart span=15m max(Present) by host

So, this is saying if your field "starttime" is not null, it will graph a value of 1. So for any events not having a starttime field, it won't show on the graph, thereby plotting values for distinct hosts. Time will be on the X axis, 1 will be on the Y axis, and the column will be for the host.

Reply

srinathd
Contributor
‎10-30-2013 11:15 PM

|bin span=15m _time | chart starttime over host by _time.. this is not working as it is asking (val) to be used in chart command. and in the first results we are getting _time on x-axis and on y-axis 0.25 to 1.25 as range and (host,starttime) as data values. what i am trying to get is host on x-axis and last 24 hrs time range(or starting time of starttime and endtime of starttime as range) and starttime values as data points

0 Karma
Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎10-29-2013 05:40 AM

how about the output of when you ran the chart search above? or the results of the first search?

0 Karma
Reply

srinathd
Contributor
‎10-29-2013 05:18 AM

i have given all the details.. x-axis values,y-axis values and data values to be plot. just please let me know what data do you need..i will try to give you.

0 Karma
Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎10-29-2013 04:49 AM

We merely strive to give you examples and possible solutions, you may need to play with the search and functions to get exactly what you want. The more data you give us (not just "what you wrote doesn't work"), the better we can help you.

0 Karma
Reply

srinathd
Contributor
‎10-29-2013 04:29 AM

it is also not working as expected..Is there any other way to achieve this?

Reply

alacercogitatus
SplunkTrust
SplunkTrust
‎10-25-2013 04:38 AM

you could try: |bin span=15m _time | chart starttime over host by _time

0 Karma
Reply

srinathd
Contributor
‎10-24-2013 06:51 PM

what exactly i need is..on y-axis last 24 hrs time range and on x-axis Host name, and the starttime values should be plotted against this.

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...