I have followed the documentation to create an advanced view that should utilize post processing to generate multiple graphs from a single search. My data source is the splunk jmx plugin so the data is already in 1 minute buckets and the data is already ready to graph. The following is my search that generates the graph i would like on my page. It works great and makes the graph i need.

index=jmx sourcetype="cassandra_jmx" | rex field=_raw "mbean=\"(?[a-zA-Z0-9.]*):" | search myMbean=org.apache.cassandra.db | eval coname = myMbean."-".columnfamily | search columnfamily=EventCounter | timechart span="5m" avg(RecentWriteLatencyMicros) by coname

I have taken 'index=jmx sourcetype="cassandra_jmx" | rex field=_raw "mbean=\"(?[a-zA-Z0-9.]*):" | search myMbean=org.apache.cassandra.db | eval coname = myMbean."-".columnfamily' and used that as my saved search and then used search columnfamily=EventCounter | timechart span="5m" avg(RecentWriteLatencyMicros) by coname as the search for generating the graph.

Currently, i have eliminated all of the syntax errors in my view and it loads, says that it is waiting for data, but displays nothing. Here is the xml that my view consists of :

<?xml version='1.0' encoding='utf-8'?>

mhogg cassandra test

Here is an example of the data that is returned from the combined search string with the timechart removed:

host=blah.blah.blah,jvmDescription="pdb",mbean="org.apache.cassandra.db:columnfamily=EventCounter,keyspace=rli,type=ColumnFamilyStores",LiveSSTableCount="5",LiveDiskSpaceUsed="457363579",RecentReadLatencyMicros="503.5",MemtableDataSize="33228",RecentWriteLatencyMicros="10.333333333333334"

Any help is greatly appreciated!