Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help how to create bar chart from two different source?

dhavamanis
Builder
‎10-30-2014 08:59 AM

Need a help.

Can you please provide the sample query to draw the bar chart (stacked bar chart) with the below info. We have the two sources and index="idxstaging"

  1. /var/log/idx/dispacher.log
    column:
    transaction_id
    worker_time (number)
    database_time (number)

  2. /var/log/idx/api.log

    Column:
    transaction_id
    api_response_time (number)

how can i build a bar chart based on transaction_id from the above column. We want to show the each transaction how long time its spent for worker_time, database_time and api_response_time.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎10-30-2014 11:30 AM

Try this:

index=idxstaging (source=/var/log/idx/dispacher.log OR source=/var/log/idx/api.log) | chart sum(worker_time) sum(database_time) sum(api_response_time) by transaction_id

Configure the chart to bar and stacked through the UI.

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎10-30-2014 11:30 AM

Try this:

index=idxstaging (source=/var/log/idx/dispacher.log OR source=/var/log/idx/api.log) | chart sum(worker_time) sum(database_time) sum(api_response_time) by transaction_id

Configure the chart to bar and stacked through the UI.

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎10-30-2014 12:42 PM

I'm pretty sure that order is based on the column names alphabetically, so name them in a way that suits your ordering needs.

0 Karma
Reply
Solved! Jump to solution

dhavamanis
Builder
‎10-30-2014 12:40 PM

Thank you, is it possible to show in this order from the bottom, api_response_time, worker_time and database_time (o top). because the database values are very less and not showing any results.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎10-30-2014 11:53 AM

Append this to your search:

... | addtotals | sort - Total | fields - Total
0 Karma
Reply
Solved! Jump to solution

dhavamanis
Builder
‎10-30-2014 11:50 AM

It works, Thank you so much, how can i order the results based value in the chart. like highest value on top and lowest value to bottom.

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...