Solved: Timechart all values and one specific

alex_kh · ‎08-10-2018

Hey guys and girls,
I am trying to create a diagram witth follwing input:

I have two queries

search index= blabla host = | timechart sum(bytes)
search index=blabla host="youtube"| timechart sum (bytes)*

for both of the searches i get a wonderfull timechart.
My issue is to combine them in a one time chart

Y -Axis amout of bytes
X- Time

and two bars: all hosts and a specific (youtube).

I tried append/ appendcols
I tried index...| where host= OR host =youtube | timechart...*

Did not work

diogofgm · ‎08-10-2018

Hi,
Try this:

index=blabla 
| eval group=if(host="youtube",host,"others")
| timechart sum(bytes) by group

------------
Hope I was able to help you. If so, some karma would be appreciated.

diogofgm · ‎08-10-2018

Hi,
Try this:

index=blabla 
| eval group=if(host="youtube",host,"others")
| timechart sum(bytes) by group

------------
Hope I was able to help you. If so, some karma would be appreciated.

adonio · ‎08-10-2018

maybe:
index = blabla host=YouTube OR host="other_host" OR host="another_host" OR .... | timechart sum(bytes) as total_bytes by host