Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I display these rows of data in a line chart?

flzhang132
Explorer
‎08-08-2018 03:42 AM

alt text
There are 5 rows of data in the table. I want to display these 5 rows of data a line chart.
There are 4 fields, field 1 for time, field 2 for host ID, field 3 for metric type, field 4 for numeric value.
I want to show the usage rate and memory usage of CPU in a picture, using the way of polygon graph.
Excuse me, how to realize

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
Legend
‎08-08-2018 06:13 AM

Try

"your search to return the fields"| stats max(numerical_value) by _time,host_ID,metric_type

and select "line" visualization

e.g

<dashboard>
  <label>TEST</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>index=_introspection sourcetype=splunk_resource_usage  data.pct_cpu=*|table _time,data.process,sourcetype,data.pct_cpu
|stats max(data.pct_cpu) by _time,data.process,sourcetype</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.chart">line</option>
        <option name="charting.drilldown">all</option>
      </chart>
    </panel>
  </row>
</dashboard>
---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎08-08-2018 12:47 PM

@flzhang132 while your actual requirement would only be clear only after you can provide more details on the type of output you want.

Do check out the following answers which talks about two options i.e. to use Event Annotations available from Splunk Enterprise 7.0 onward or else to add details to Tooltip text using answer by @jeffland

https://answers.splunk.com/answers/613705/using-dashboard-for-presentation.html

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution
Solution

renjith_nair
Legend
‎08-08-2018 06:13 AM

Try

"your search to return the fields"| stats max(numerical_value) by _time,host_ID,metric_type

and select "line" visualization

e.g

<dashboard>
  <label>TEST</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>index=_introspection sourcetype=splunk_resource_usage  data.pct_cpu=*|table _time,data.process,sourcetype,data.pct_cpu
|stats max(data.pct_cpu) by _time,data.process,sourcetype</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.chart">line</option>
        <option name="charting.drilldown">all</option>
      </chart>
    </panel>
  </row>
</dashboard>
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Solved! Jump to solution

flzhang132
Explorer
‎08-08-2018 06:48 AM

I want to display these 5 rows of data a line chart. and can not used a aggregate function (ex. max)

0 Karma
Reply
Solved! Jump to solution

renjith_nair
Legend
‎08-08-2018 07:06 AM

if those 5 lines are unique by time and other fields, you still get those values irrespective of the aggregation function. Instead of max, you could use `values

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...