Hey Splunkers,
Last week i asked http://answers.splunk.com/answers/142779/creating-comparative-graphs
I was referred to use timewrap. now that i have this setup, i am struggling with getting the results to show. below is my current search i am using, i posted some return results further below. The problem is this isn't producing visuals in splunk. I am unsure why that is now, my goal here is:
"I want to create a graph or line chart that will show transaction total on a day vs day, week vs week, month vs month, quarter vs quarter."
This particular search i am trying to compare the same hour of each day over the last week.
index=pfe_os_messages sourcetype="log4j" getSettle* earliest =-7@d date_hour=9| rex "getSettle(?:Now|ment)Total.+?(? \d+)" | search settlement="*" | eval settlement = "$" . (settlement / 100) | timechart count span=1h |timewrap w | where strftime(_time, "%H") == "9"
Event returns:
2014-07-01 09:45:36,884 INFO [ aaa-AMON0m4y-6LZEjYBu ENC12195954] invoice.AcquireInvoice (AcquireInvoice.foo) - getSettlementTotal(): 0
2014-07-01 09:45:36,883 INFO [foo aaa-AMON0m4y-6LZEjYBu ENC12195954] invoice.AcquireInvoice (AcquireInvoice.foo) - getSettleNowTotal(): 3200
2014-07-01 09:45:32,729 INFO [foo aaa-AMON0m4y-6LZEjYBu ENC12195954] invoice.AcquireInvoice (AcquireInvoice.foo) - getSettleNowTotal(): 3200
2014-07-01 09:45:32,688 INFO [foo aaa-AMON0m4y-6LZEjYBu ENC12195954] invoice.AcquireInvoice (AcquireInvoice.foo) - getSettleNowTotal(): 3200
... View more