Dashboards & Visualizations

Help how to create bar chart from two different source?

dhavamanis
Builder

Need a help.

Can you please provide the sample query to draw the bar chart (stacked bar chart) with the below info. We have the two sources and index="idxstaging"

  1. /var/log/idx/dispacher.log
    column:
    transaction_id
    worker_time (number)
    database_time (number)

  2. /var/log/idx/api.log

    Column:
    transaction_id
    api_response_time (number)

how can i build a bar chart based on transaction_id from the above column. We want to show the each transaction how long time its spent for worker_time, database_time and api_response_time.

0 Karma
1 Solution

martin_mueller
SplunkTrust
SplunkTrust

Try this:

index=idxstaging (source=/var/log/idx/dispacher.log OR source=/var/log/idx/api.log) | chart sum(worker_time) sum(database_time) sum(api_response_time) by transaction_id

Configure the chart to bar and stacked through the UI.

View solution in original post

martin_mueller
SplunkTrust
SplunkTrust

Try this:

index=idxstaging (source=/var/log/idx/dispacher.log OR source=/var/log/idx/api.log) | chart sum(worker_time) sum(database_time) sum(api_response_time) by transaction_id

Configure the chart to bar and stacked through the UI.

martin_mueller
SplunkTrust
SplunkTrust

I'm pretty sure that order is based on the column names alphabetically, so name them in a way that suits your ordering needs.

0 Karma

dhavamanis
Builder

Thank you, is it possible to show in this order from the bottom, api_response_time, worker_time and database_time (o top). because the database values are very less and not showing any results.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Append this to your search:

... | addtotals | sort - Total | fields - Total
0 Karma

dhavamanis
Builder

It works, Thank you so much, how can i order the results based value in the chart. like highest value on top and lowest value to bottom.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...