topic Re: How do I create a histogram to show distribution? in Splunk Search

How do I create a histogram to show distribution?

earriaga — Thu, 07 Feb 2019 19:31:36 GMT

I have a search like this:

My Search|chart count(data.url) as SongsPlayed  over userEmail

It gives me a list of users and the number of songs they listen to for a time.

I would like a chart that breaks down the users in groups, like those who listen between 0-10, the up to 20, 30 etc.

How do I do that in Splunk?

Eva

Re: How do I create a histogram to show distribution?

woodcock — Thu, 07 Feb 2019 20:54:30 GMT

Like this:

My Search | bin _time span=10s | stats count(data.url) AS SongsPlayed BY userEmail _time

Re: How do I create a histogram to show distribution?

earriaga — Mon, 11 Feb 2019 18:28:27 GMT

Thank you that works, but it is giving me users per 10 seconds, I think?

I want to count number of users, and the number of songs they play.

My basic query gives me the user email and the number of songs they listen to.

What I want is to group those users in buckets, of those who listen between 0 and 10, those who listen to etc.
So for example, it would be a bar graph for each bucket of songs.
10 users play 0-10 songs
34 users play 11-20 songs
etc

Re: How do I create a histogram to show distribution?

woodcock — Mon, 11 Feb 2019 23:23:42 GMT

Like this:

My Search
| stats count(data.url) AS songsPlayed BY userEmail
| bin songsPlayed span=10
| stats dc(userEmail) AS users BY songsPlayed

Re: How do I create a histogram to show distribution?

earriaga — Tue, 29 Sep 2020 23:13:10 GMT

Hi, thank you, it is getting closer but it is still not working.

When I enter this:
index="mobile_app_tracking" event=song
|stats count(data.url) as SongsPlayed BY userEmail
| bin SongsPlayed span=10

I see results, emails with the bucket where they belong

But, when I put the whole thing as you suggested,

I get nothing, no results!

Re: How do I create a histogram to show distribution?

woodcock — Wed, 13 Feb 2019 01:55:22 GMT

You typed it in wrong (my answer has it right). You typed SongPlayed as the last word and it should be SongsPlayed. Missed it by >that< much!

Re: How do I create a histogram to show distribution?

earriaga — Thu, 14 Feb 2019 15:27:44 GMT

Yay, thank you very much!!!

Re: How do I create a histogram to show distribution?

earriaga — Thu, 14 Feb 2019 15:33:13 GMT

It is sorting the buckets as text, all the 10, 100 etc first. Is there a way to order the buckets as number? Or I am asking too much?
:)

Re: How do I create a histogram to show distribution?

woodcock — Thu, 14 Feb 2019 21:00:51 GMT

Be sure to spread around the UpVotes and click Accept on the best answer to close the question.