Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can I split a field based on its values and graph as multi-series?

jheney
New Member
‎06-04-2014 10:24 AM

I have a single numeric field that I want to timechart in ranges...i.e. rangemap the field into custom buckets, then timechart with a count by range. Because if the nature of the data, there are WAY more instances of "0" than any other value, making it difficult to interpret the non-zero values. I'd like to treat the 0 values as a different field, then create a timechart that has a count of the 0 values on one Y-axis and a stacked column of the other range values on a second Y-axis. Is such a thing possible? My simple search thus far looks like...

search RF-DELTA| rangemap field=RF-DELTA 0=0-0, 1-10=1-10, 11-20=11-20, 21-30=21-30, 31-40=31-40, 41-50=41-50, default=>50 | timechart span=1d count by range

I guess I need to understand whether I can split out the 0 values as a separate field AND if I can create a multi-axis timechart. Thanks in advance!

Tags (1)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎06-04-2014 01:45 PM

You can do the multi-axis timechart since Splunk 6.1.

As for splitting the fields, no real need to do that. If you do a count by range you can specify the 0 field to be charted on a second Y-axis as a line on top of your column chart.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...