Archive

Stacked Bar Chart by the Number of Records per Category (stacked y-axis) by Week (x-axis)

Explorer

I'm trying to create a stacked chart with the following data:

y-axis: Number of Change Requests per Reason (stacked)
x-axis: by Week (format: 2017-01-23, 2017-01-30, n)

Result: The Number of Change Requests per Reason (stacked) by Week in the past 2 months

Search:
index=snow sourcetype="snow:change_request" reason="Firewall*"
| eval impDate= strptime(u_actual_impl_end_date, "%Y-%m-%d %H:%M:%S")
| where impDate>=relative_time(now(),"-2mon")
| dedup number

0 Karma

Esteemed Legend

Maybe this:

index=snow sourcetype="snow:change_request" reason="Firewall*"
| eval _time = strptime(u_actual_impl_end_date, "%Y-%m-%d %H:%M:%S") 
| where _time >= relative_time(now(),"-2mon") 
| dedup number
| timechart span=1w count BY reason
0 Karma

SplunkTrust
SplunkTrust

Hi tmaltizo, do you have timestamps in your events?
if you do try this:

 index=snow sourcetype="snow:change_request" reason="Firewall*" | timechart span=7d count(reason)
usenull=f 

hope it helps

0 Karma