Background: Every day, I run a script on a log file which filters it into another file. I then indexed the filtered file. So I want to create a line graph that takes the earliest time and latest time (first line and last line of the filtered file) and display it on a line graph.
For example: In the log file I will have...
2013-06-20 03:12:30,001 INFORMATION Begin TITLE OF SCRIPT
.
.
.
2013-06-20 04:12:30,001 INFORMATION Finished TITLE OF SCRIPT
(It can be different from the first script)
So the fields I have at the moment are..... Date = 2013-06-20, date_hour=04, date_minute=12, date_second=30, position=finished
What I have so far for my search is...
host=... source=... | search earliest |
So I still haven't been able to figure this out. I looked at every command with the answer below. However, I still can't get the right output. My XML code is...
<row>
  <panel>
    <chart>
      <title>Completion Time</title>
      <searchString>host=.... source=.... | stats max(_time) AS Latest min(_time) AS Earliest | eval temp=Latest - Earliest | table temp | makemv temp | mvexpand temp | rename temp as _time | eval Series=1</searchString>
      <earliestTime>$timetoken.earliest$</earliestTime>
      <latestTime>$timetoken.latest$</latestTime>
      <search>
        <query>host=.... source=..... | stats max(_time) AS Latest min(_time) AS Earliest | eval temp=Latest - Earliest | table temp | makemv temp | mvexpand temp | rename temp as _time | eval Series=1</query>
        <earliest>$timetoken.earliest$</earliest>
        <latest>$timetoken.latest$</latest>
      </search>
      <option name="charting.chart">line</option>
      <option name="charting.axisY2.enabled">false</option>
      <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
      <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
      <option name="charting.axisTitleX.visibility">visible</option>
      <option name="charting.axisTitleY.visibility">visible</option>
      <option name="charting.axisTitleY2.visibility">visible</option>
      <option name="charting.axisX.scale">linear</option>
      <option name="charting.axisY.scale">linear</option>
      <option name="charting.axisY2.scale">inherit</option>
      <option name="charting.chart.bubbleMaximumSize">50</option>
      <option name="charting.chart.bubbleMinimumSize">10</option>
      <option name="charting.chart.bubbleSizeBy">area</option>
      <option name="charting.chart.nullValueMode">zero</option>
      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
      <option name="charting.chart.stackMode">default</option>
      <option name="charting.chart.style">shiny</option>
      <option name="charting.drilldown">all</option>
      <option name="charting.layout.splitSeries">0</option>
      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
      <option name="charting.legend.placement">right</option>
      <option name="charting.axisTitleY.text">Completion Time</option>
      <option name="charting.drilldown">all</option>
    </chart>
  </panel>
</row>
@somesoni2
It's not showing a line at all on my graph. And it goes back to 1970 for some reason even though the pull down I have on the dashboard is only at today. (Today is default)
Try something like this
your base search | stats max(_time) as Latest min(_time) as Earliest | eval temp=Latest." ".Earliest | table temp | makemv temp | mvexpand temp | rename temp as _time | eval Series=1
Could you try to explain your commands? Just for future reference. Thank you for your answer.
Was latest." ".earliest for an operator?
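Added example, not part of the thread and not Splunk code: a Python model of the two search pipelines above, run over the question's two sample log lines. It shows that a duration (Latest - Earliest) renamed to _time is read as epoch seconds and lands in 1970, while the space-joined string is split by makemv and mvexpand into two timestamped rows. The function names and the UTC assumption are illustrative.

```python
from datetime import datetime, timezone

# Constructed sample: first and last lines of the filtered log in the question.
LOG = [
    "2013-06-20 03:12:30,001 INFORMATION Begin TITLE OF SCRIPT",
    "2013-06-20 04:12:30,001 INFORMATION Finished TITLE OF SCRIPT",
]

def to_epoch(line):
    """Parse the leading timestamp into epoch seconds (UTC is an assumption)."""
    stamp = datetime.strptime(line[:23], "%Y-%m-%d %H:%M:%S,%f")
    return stamp.replace(tzinfo=timezone.utc).timestamp()

def stats_min_max(lines):
    """Model of: stats max(_time) as Latest min(_time) as Earliest."""
    times = [to_epoch(line) for line in lines]
    return min(times), max(times)

def question_pipeline(lines):
    """Model of: eval temp=Latest - Earliest | ... | rename temp as _time."""
    earliest, latest = stats_min_max(lines)
    temp = round(latest - earliest, 3)        # a duration in seconds, not a timestamp
    return [{"_time": temp, "Series": 1}]     # one value, so mvexpand yields one row

def answer_pipeline(lines):
    """Model of: eval temp=Latest." ".Earliest | makemv | mvexpand | rename."""
    earliest, latest = stats_min_max(lines)
    temp = f"{latest:.3f} {earliest:.3f}"     # "." concatenates, " " is the separator
    values = temp.split(" ")                  # makemv splits on a single space by default
    return [{"_time": float(v), "Series": 1} for v in values]  # mvexpand: one row each

def as_utc(row):
    """Interpret _time the way a time axis does: seconds since 1970-01-01 UTC."""
    return datetime.fromtimestamp(row["_time"], tz=timezone.utc)

if __name__ == "__main__":
    for name, pipeline in (("question", question_pipeline), ("answer", answer_pipeline)):
        for row in pipeline(LOG):
            print(name, row["_time"], as_utc(row).isoformat())
```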