Trying to recreate this chart in Splunk - can anyone assist, as I'm a bit uncertain where to start?
Hits = SampleCount
Network Time = Network Time
Server Time = Server Time
Thanks.
Field Value Actions
Selected
Location
Sydney
Time
6:35:54 AM
host
SPLUNK
index
main
source
Filtered_data_Peak3.csv
sourcetype
csv
Event
ErrorCount
0
Network Time
175
Response Time
533
SampleCount
1
Server Time
358
URL
https://xxxxxx
331
bytes
473
grpThreads
331
label
/data_table.do
linecount
1
responseCode
200
splunk_server
SPLUNK
success
1
timeStamp
1.46355E+12
Time
time
2016-05-19T06:35:54.000+10:00
Default
punct
.+,::,,,,,/.,,,,,,://.-./.?=&=&=&=&=,,
Since your sourcetype is csv
I assume the fields have been extracted. Try this for your chart. You can set it up for display as an area chart
with Hits as overlay
.That should give you something similar to what you have.
your base search here | timechart span=3m sum(SampleCount) as Hits sum("Network Time") as "Network Time" sum("Server Time") as "Server Time"
Since your sourcetype is csv
I assume the fields have been extracted. Try this for your chart. You can set it up for display as an area chart
with Hits as overlay
.That should give you something similar to what you have.
your base search here | timechart span=3m sum(SampleCount) as Hits sum("Network Time") as "Network Time" sum("Server Time") as "Server Time"
Hi,
Thanks for looking at this .. is there a way of using the "Time" field instead of _time ?
Also how to add an average line onto the chart for average response time ?
Here...
your base search here | timechart span=3m sum(SampleCount) as Hits sum("Network Time") as "Network Time" sum("Server Time") as "Server Time" avg("Response Time") as "Response Time" | rename _time AS Time | fieldformat Time=strftime(Time, "%x %X")
Thanks, As the "Hits" (SampleTime) is using the left axis .. the line is right at the bottom of the chart as it is using those values to plot - which is why i was looking for a separate axis on the right side to represent the hits to make it more presentable.
Also for the bottom of the graph - all we are doing is re-naming _time to Time - what i want to do is use the values for the Time Field for the bottom of the graph.
thanks.
For hits, you can specify a second axis for the overlay field (Hits). See here for how-to
http://docs.splunk.com/Documentation/Splunk/6.1.8/Viz/Chartcontrols#Chart_overlay
For Time, try this
your base search here | eval Time=strptime(Time, "%H:%M:%S %p") | bin span=3m Time | chart sum(SampleCount) as Hits sum("Network Time") as "Network Time" sum("Server Time") as "Server Time" avg("Response Time") as "Response Time" by Time | fieldformat Time=strftime(Time, "%H:%M:%S %p")
Thanks - i didn't need to use another Time - we got the _time working properly from the source - and the Overlay did the trick for the Hits Chart - thanks a lot for help, made my 1st Splunk venture a successful one 🙂
Glad you found your solution through @sundareshr's help. Don't forget to resolve the question by clicking "Accept" directly below his answer. Be sure to upvote his answer and/or comment that helped you too