Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Creating a chart by month

elijahm
Explorer
‎08-08-2019 12:56 PM

I am trying to make a line graph that shows that months of the year as the x-axis. There should be three lines in this graph. The first line should show the amount of occurrences of the "GetPolicy.doPost(56)" string in each month. The second line should show the amount of occurrences of the string "ActivateNode.doPost(94)" and the third line should show the difference of the occurrences between the two above strings. Below I calculated the difference and I am very new to splunk and I don't know how to move forward with creating the graph.

index= client_snsr_tcg_unix_webservices source="/var/log/tomcat8/catalina.out" "GetPolicy.doPost(56)"

| stats count as start

| appendcols [search index= client_snsr_tcg_unix_webservices source="/var/log/tomcat8/catalina.out" "ActivateNode.doPost(94)"

| stats count as end ]

| eval Difference=start-end

| table Difference

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mayurr98
Super Champion
‎08-08-2019 01:22 PM

try this:

index=client_snsr_tcg_unix_webservices source="/var/log/tomcat8/catalina.out" "GetPolicy.doPost(56)" OR "ActivateNode.doPost(94)" 
| stats count(eval(like(_raw,"%GetPolicy.doPost(56)%"))) as "GetPolicy_doPost" count(eval(like(_raw,"%ActivateNode.doPost(94)%"))) as "ActivateNode_doPost" by date_month 
| eval Difference=GetPolicy_doPost-ActivateNode_doPost

And then go to visualization and select appropriate chart to see graph view 🙂

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

mayurr98
Super Champion
‎08-08-2019 01:22 PM

try this:

index=client_snsr_tcg_unix_webservices source="/var/log/tomcat8/catalina.out" "GetPolicy.doPost(56)" OR "ActivateNode.doPost(94)" 
| stats count(eval(like(_raw,"%GetPolicy.doPost(56)%"))) as "GetPolicy_doPost" count(eval(like(_raw,"%ActivateNode.doPost(94)%"))) as "ActivateNode_doPost" by date_month 
| eval Difference=GetPolicy_doPost-ActivateNode_doPost

And then go to visualization and select appropriate chart to see graph view 🙂

0 Karma
Reply
Solved! Jump to solution

elijahm
Explorer
‎08-08-2019 01:50 PM

Thanks so much!

0 Karma
Reply
Get Updates on the Splunk Community!

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...