Hi,
I would like to join or append 2 data series and tried the append/join functions. However, the result is not really what I want. Please advise on the right query to achieve the goal below.
Thanks in advance!
source="cpu_load" host="myhost" | timechart span=30m avg(cpu) as cpu_average
| append [search sourcetype="server_hits" host="myhost" | timechart bins=300 minspan=30m sum(requests) AS req]
Result

   _time                     cpu_average   ser
1  3/21/14 10:00:00.000 AM   10.087604
2  3/21/14 10:30:00.000 AM   10.734093
3  3/21/14 11:00:00.000 AM   10.539557
4  3/21/14 10:00:00.000 AM                 1244
5  3/21/14 10:30:00.000 AM                 1501
6  3/21/14 11:00:00.000 AM                 1931

Ideal Goal

   _time                     cpu_average   ser
1  3/21/14 10:00:00.000 AM   10.087604     1244
2  3/21/14 10:30:00.000 AM   10.734093     1501
3  3/21/14 11:00:00.000 AM   10.539557     1931

I don't think you'll need to use append; stats should do the trick. Try something like this:
source="cpu_load" OR source="server_hits" host="myhost" | bin _time span=30m | stats avg(cpu) as cpu_average sum(requests) AS req by _time
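
An added example, not part of the original posts: a small Python model of the two approaches in this thread, showing why append stacks two result sets while bin followed by stats ... by _time yields one row per bucket. The events, the field layout and the function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SPAN = timedelta(minutes=30)
EPOCH = datetime(1970, 1, 1)

# Constructed sample events (not from the thread): (timestamp, source, field, value)
EVENTS = [
    ("2014-03-21 10:02:11", "cpu_load", "cpu", 9.5),
    ("2014-03-21 10:17:40", "cpu_load", "cpu", 10.5),
    ("2014-03-21 10:41:03", "cpu_load", "cpu", 11.0),
    ("2014-03-21 10:05:00", "server_hits", "requests", 600),
    ("2014-03-21 10:29:59", "server_hits", "requests", 644),
    ("2014-03-21 10:30:00", "server_hits", "requests", 1501),
]

def bin_time(ts, span=SPAN):
    """Floor a timestamp to the start of its bucket, like `bin _time span=30m`."""
    t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
    return EPOCH + ((t - EPOCH) // span) * span

def stats_by_time(events):
    """One row per bucket with avg(cpu) and sum(requests).
    An event that lacks a field simply does not contribute to that aggregate."""
    cpu, req = defaultdict(list), defaultdict(list)
    for ts, _source, field, value in events:
        (cpu if field == "cpu" else req)[bin_time(ts)].append(value)
    rows = []
    for bucket in sorted(set(cpu) | set(req)):
        rows.append({
            "_time": bucket,
            "cpu_average": sum(cpu[bucket]) / len(cpu[bucket]) if cpu[bucket] else None,
            "req": sum(req[bucket]) if req[bucket] else None,
        })
    return rows

def append_results(events):
    """Aggregate each source on its own, then stack the rows the way `append` does."""
    first = stats_by_time([e for e in events if e[1] == "cpu_load"])
    second = stats_by_time([e for e in events if e[1] == "server_hits"])
    return first + second  # same _time values appear twice, each row half empty

if __name__ == "__main__":
    for row in append_results(EVENTS):
        print("append:", row)
    for row in stats_by_time(EVENTS):
        print("stats: ", row)
```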