Splunk Search

How to Display multiple bars on chart each based on different token inputs

PBerry7538
New Member

Hi all,
I'm running a search for number of jobs for each shift which works at the moment. Shift pattern is set up to be Early: 6:00-14:00, Late:14:00 - 22:00, Night 22:00 - 06:00. But the manning level is different for each shift. How can i get jobs per man per shift if I need to pass three different tokens in for manning level?
I can get the below to display 3 bars for the shift but they all show the figure using the same value $numofStaff$.

My plan is to add 3 x drop down inputs named Early Late Night so that I can assign a value to one of three tokens to allow me to individually put in different values for each shift and see the bars shown on the graph display values that have been worked out based on the different values placed in each of the three drop down boxes. But I can not figure how how to achieve that .
My query is as follows

index="xxxxx_xxxxx_smp" sourcetype="xxxxxx_xxxxxx_smp_job"   (JOBTYP="BR" OR JOBTYP="BU") STATUS=5 WRKSTID="BB*A*"
|eval iHour=strftime(strptime(TIMESTAMP,"%Y-%m-%d %H:%M:%S"),"%H")
|stats count as HourlyJobs by iHour
|eval Shift = if(iHour >= 6 AND iHour < 14,"Early",if(iHour >= 14 AND iHour < 22, "Late","Night"))
|stats sum(HourlyJobs) as TotalJobs by Shift
|eval JPM = TotalJobs/$numofStaff$
|sort Shift

Any help or advice you can offer would be very much appreciated.

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...