Solved: timechart with each line defined by multiple field...

benobviate · ‎11-19-2012

my search is something like

... | stats avg(weight) by color, shape

which results in :

color shape avg(weight)

blue triangle 30

blue circle 20

green triangle 35

I want to do a timechart with each row as a line. I tried replacing stats with timechart but it gave me an error (I'm assuming is because i have it arranged by two fields. How would I go about doing this? I want a line for blue triangle, blue circle and green triangle. Also, is there a convenient way to name the lane via the first+second field name? (e.g. "blue triangle")

lguinn2 · ‎11-19-2012

Sure, try this

yoursearchhere
| eval color_and_shape = color + " " + shape
| timechart avg(weight) by color_and_shape

View solution in original post

lguinn2 · ‎11-19-2012

Sure, try this

yoursearchhere
| eval color_and_shape = color + " " + shape
| timechart avg(weight) by color_and_shape

matthewcanty · ‎11-29-2012

Spot on. Thanks.

benobviate · ‎11-20-2012

Thank you so much!! That worked perfectly! 🙂

timechart with each line defined by multiple fields

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor