- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Creating a chart by month
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am trying to make a line graph that shows that months of the year as the x-axis. There should be three lines in this graph. The first line should show the amount of occurrences of the "GetPolicy.doPost(56)" string in each month. The second line should show the amount of occurrences of the string "ActivateNode.doPost(94)" and the third line should show the difference of the occurrences between the two above strings. Below I calculated the difference and I am very new to splunk and I don't know how to move forward with creating the graph.
index= client_snsr_tcg_unix_webservices source="/var/log/tomcat8/catalina.out" "GetPolicy.doPost(56)"
| stats count as start
| appendcols [search index= client_snsr_tcg_unix_webservices source="/var/log/tomcat8/catalina.out" "ActivateNode.doPost(94)"
| stats count as end ]
| eval Difference=start-end
| table Difference
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try this:
index=client_snsr_tcg_unix_webservices source="/var/log/tomcat8/catalina.out" "GetPolicy.doPost(56)" OR "ActivateNode.doPost(94)"
| stats count(eval(like(_raw,"%GetPolicy.doPost(56)%"))) as "GetPolicy_doPost" count(eval(like(_raw,"%ActivateNode.doPost(94)%"))) as "ActivateNode_doPost" by date_month
| eval Difference=GetPolicy_doPost-ActivateNode_doPost
And then go to visualization and select appropriate chart to see graph view 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try this:
index=client_snsr_tcg_unix_webservices source="/var/log/tomcat8/catalina.out" "GetPolicy.doPost(56)" OR "ActivateNode.doPost(94)"
| stats count(eval(like(_raw,"%GetPolicy.doPost(56)%"))) as "GetPolicy_doPost" count(eval(like(_raw,"%ActivateNode.doPost(94)%"))) as "ActivateNode_doPost" by date_month
| eval Difference=GetPolicy_doPost-ActivateNode_doPost
And then go to visualization and select appropriate chart to see graph view 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks so much!
Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...
Troubleshooting the OpenTelemetry Collector
Adoption of Infrastructure Monitoring at Splunk
