Re: How to show latest month data in Solid line an...

avni26 · ‎11-27-2019

Hi ,

I have data for each month like below.
For example,
Data1 min Months
-1 322 Jan-19
1 340 Jan-19
2 200 Jan-19
-1 250 Feb-19
1 360 Feb-19
2 200 Feb-19
Similarly for all months till Oct-19.
we want to show min over data1 by Months. Wanted to display all months data in dots and for latest month (Oct-19) wanted to show in solid line in single chart panel.
Please help.

to4kawa · ‎11-28-2019

I don't know what the data means, so I can't grasp the screen image.
I tried it with the same data.

woodcock · ‎11-27-2019

Either this:

... | chart first(min) AS min BY Months Data1

Or this:

... | chart first(min) AS min BY Data1 Months

Or this:

... | chart first(Data1) AS Data1 BY Months min

Or this:

... | chart first(Data1) AS Data1 BY min Months

to4kawa · ‎11-27-2019

|makeresults count=2
| streamstats count 
| eval _time = if (count==2,relative_time(_time,"@y"), relative_time(_time,"-1month@month")) 
| makecontinuous span=1month
| eval Data1="-1 1 2"
| makemv Data1
| mvexpand Data1
| eval min=(random() % 20 + 15) * 10 
| table  _time min Data1
`comment("this is sample data")`
| chart values(min) as min over _time by Data1
| eventstats values(eval(if(strftime(_time,"%m")=="10",'-1',null()))) as OCT_-1
,values(eval(if(strftime(_time,"%m")=="10",'1',null()))) as OCT_1
,values(eval(if(strftime(_time,"%m")=="10",'2',null()))) as OCT_2
| where tonumber(strftime(_time,"%m")) < 10

If you make every month a dot, you won't be able to line up October.

avni26 · ‎11-28-2019

@to4kawa
Thank you for the response.
But I want data1 plotted in X-axis , mins in Y-axis by months and for each month want to show in dots and for last month ,its should show solid dark line.

How to show latest month data in Solid line and rest all months in marker point in line chart?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases