I am currently trying to format the amount of memory used by each node during a given time in a way that I could create an area graph from the results. Right now I have these three columns:
index=main sourcetype=source
| table _time memory node_name
But I want the columns to be _time, node_name1, node_name2, ...
and the rows to contain the time and the related memory usage that goes along with the node_name.
Results should look similar to this:
time, node1, node2, node3, ...
6/28, 10000, 20000, 16000, ...
6/29, 15000, 24000, 12500, ...
@SudeepDell you can try the following.
index=main sourcetype=source
| timechart span=1d max(memory) as Memory by node_name
that worked, thanks!
@SudeepDell, please accept the answer to mark this question as answered!