Quantcast
Channel: Questions in topic: "splunk-enterprise"
Viewing all articles
Browse latest Browse all 47296

How to graph with multiple fields by _time

$
0
0
Hey community, Browsed a lot of posts, but did not found any answer to my problem... I have a sourcetype that give me this kind of results for a row, here is 3 exemples : **_time=2019-09-25T15:40:34.000+02:00,UP=45,WARN=12,DOWN=5 _time=2019-09-25T15:41:34.000+02:00,UP=43,WARN=14,DOWN=3 _time=2019-09-25T15:42:34.000+02:00,UP=45,WARN=12,DOWN=3** UP,WARN and DOWN values are a count of "status" (UP,WARN and DOWN) at _time (these results are retrieved through REST API sourcetype, so I cannot change anything at the indexing level) I would like to build a graph showing "status" by _time Unfortunately, it seems that a timechart can only be built based on some count() or avg() or sum() ... etc but since my values are already a count, what can be my options here? All my tries led to displaying incorrect data :-( Thank you in advance!

Viewing all articles
Browse latest Browse all 47296

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>