topic splunk query in Security

splunk query

Nith1 — Thu, 13 May 2021 05:43:16 GMT

Hi

Can someone help me with the query for the below requirment

i have User A, User B, User C and so onn with the job status as Inprogress,To Do, Done

Need to list the jobs assigned to all the users in the form of bar chart i.e) may be USer A has job status as inprogess, to do

User A -- Inprogress
To do

User B -To Do
Done

Thanks

Re: splunk query

kamlesh_vaghela — Thu, 13 May 2021 05:50:42 GMT

@Nith1

Try this.

YOUR_SEARCH | stats values(Status) as Status by User

Sample:

For bar chart, can you please share more on how you want to display chart?

Thanks
Kamlesh Vaghela

Re: splunk query

Nith1 — Thu, 13 May 2021 08:44:28 GMT

Hi @kamlesh_vaghela

Thanks for the queryi could view the data in the form of taable but when i change to bar chart representation its not displaying any data can you please guide

Re: splunk query

kamlesh_vaghela — Thu, 13 May 2021 09:15:04 GMT

@Nith1

Barchart requires some numerical to present bars in chart. Do you have any logic for that?

I tried just putting a 1 as sample value and designed below search.

YOUR_SEARCH | table User Status | eval {Status}=1 | fields - Status | stats values(*) as * by User

Sample:

| makeresults | eval _raw="User Status User A In Progess User B In Progess User C To do User A Done User B Done User C Done " | multikv forceheader=1 | table User Status | eval {Status}=1 | fields - Status | stats values(*) as * by User

If this reply helps you, an upvote would be appreciated.

Thanks
Kamlesh Vaghela