How can I change the x-axis label on my chart to a...

ngerosa · ‎10-16-2017

Hi,
I have this table:
_time ATTENUATION EOL

2017-09-08 15 21
2017-09-09 15.3 21
.

.
2017-10-01 15.7 21
2017-10-02 15.4 21

I stored the data since June, so for every day I have a value for "ATTENUATION" and a value for EOL that is always the same for every day because is a threshold.
Since I have a lot of values, Splunk doesn't show me any value in the x-axis
I want to chart all data, that I have stored, with a simple line chart (without any stats) grouped by month.

Any ideas?

Thanks a lot

DalJeanis · ‎10-16-2017

Try this, assuming you are using chart

| your chart command
| eval _time= relative_time(_time,"@mon")

ngerosa · ‎10-16-2017

Hi DalJeanis,
the label of the x-axis that I want is correct but the chart it seems not correct.
In this link you can find the chart using your command : https://ibb.co/i2zH5m
In this link you can find the right chart without using your command: https://ibb.co/byXLQm
I want the label of the first chart in the second chart 🙂

lloydknight · ‎10-16-2017

Hello ngerosa,

If my understanding is correct, you want to trend the count of the fields into its own value in the x-axis.

say for example:

  index=your_index earliest=@mon latest=now | chart count(ATTENUATION) AS ATTENUATION_count by ATTENUATION

What I don't understand is that you have two fields (ATTENUATION and EOL) that you want to put in the x-axis? is that correct?

EDIT:
try this:

index=your_index earliest=@mon latest=now | chart count(ATTENUATION) AS ATTENUATION_count by ATTENUATION | join [search  index=your_index earliest=@mon latest=now | chart count(EOL) AS EOL_count by EOL]

then click Format on the Visualization tab and select Chart Overlay and Overlay the field EOL to have a Y-axis count on the right side.

Hope it helps!

ngerosa · ‎10-16-2017

Hi lloydknight ,
I don't want to do any stats for my values.
I already have a chart that display my all data, my only problem is the setting of the x-axis.
I want to display only ONE time the name of every month and not for every value the name of month

lloydknight · ‎10-16-2017

Apologies. I'm really confused with your requirements.

so what do you want to trend every month? distinct count of EOL? ATTENUATION?

ngerosa · ‎10-16-2017

EOL (End-Of-Life) is only a costant value that is a reference value and indicates, if "ATTENUATION" value exceeded the EOL value, that there is problem.
So in the chart I have two lines:
One line that is costant that represent a EOL value and another line that indicates the "ATTENUATION"value.

My problem is not how to display data but is how to display label of the x-axis with only one time every month.

In this link you can find the x-axis that I want : https://ibb.co/cn4s5m

gcusello · ‎10-16-2017

Hi ngerosa ,
you said data grouped by month: are you meaning that you want an average of the monthly values or what?
if an average try something like this:

index=your_index
| timechart span=1mon avg(ATTENUATION) AS ATTENUATION avg(EOL) AS EOL

if instaead you want all the daily values try something like this:

index=your_index
| timechart values(ATTENUATION) AS ATTENUATION values(EOL) AS EOL

In both the cases you can display results as a chart.
Bye.
Giuseppe

ngerosa · ‎10-16-2017

Hi Giuseppe,
my problem is not how to chart the data, but how to display in x-axis only a month and not all every single day.

lloydknight · ‎10-16-2017

is it something like this?

 base search | chart count(ATTENUATION) AS ATTENUATION, count(EOL) AS EOL by date_month

ngerosa · ‎10-16-2017

Hi lloydknight ,
my problem is not how to chart the data, but how to display in x-axis only a month and not all every single day.

I want to display all values that I have stored but in the x-axis I want to display only ONE time the name of every month

How can I change the x-axis label on my chart to a month count?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor