- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Help on a bar chart with scale
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi
With the search below, I display a line chart which shows an average CPU consumption
`CPU`
| stats avg(process_cpu_used_percent) as process_cpu_used_percent by host
Now i need a bart chart which count the number of hosts for a process_cpu_used_percent between 0 and 20, 20 and 40, 40 and 60, 60 and 80 and 80 and 100
So I need 5 bar in my bart chart whith the cpu usage in x and the number of host in y
could you help me please??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@jip31 please add the following to your existing search and confirm!
<yourCurrentSearchReturningCPUPercByHosts>
| eval cpu_range=case(process_cpu_used_percent>0 AND process_cpu_used_percent <=20,"0-20",
process_cpu_used_percent>20 AND process_cpu_used_percent <=40,"20-40",
process_cpu_used_percent>40 AND process_cpu_used_percent <=60,"40-60",
process_cpu_used_percent>60 AND process_cpu_used_percent <=80,"60-80",
process_cpu_used_percent>80 AND process_cpu_used_percent <=100,"80-100")
| stats count(host) as hosts by cpu_range
| append
[| makeresults
| fields - _time
| eval cpu_range="0-20,20-40,40-60,60-80,80-100"
| makemv cpu_range delim=","
| mvexpand cpu_range
| eval hosts=0]
| dedup cpu_range
| sort cpu_range
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Like this:
`CPU`
| stats avg(process_cpu_used_percent) AS process_cpu_used_percent BY host
| bin process_cpu_used_percent span=20 bins=5
| stats count BY process_cpu_used_percent
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi woodcock
I need a span on the _time field and not on process_cpu_used_percent field
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your question says nothing like that. I don't know what you mean; I only know what you wrote. My answer solves the problem in your OP as it was written.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@jip31 please add the following to your existing search and confirm!
<yourCurrentSearchReturningCPUPercByHosts>
| eval cpu_range=case(process_cpu_used_percent>0 AND process_cpu_used_percent <=20,"0-20",
process_cpu_used_percent>20 AND process_cpu_used_percent <=40,"20-40",
process_cpu_used_percent>40 AND process_cpu_used_percent <=60,"40-60",
process_cpu_used_percent>60 AND process_cpu_used_percent <=80,"60-80",
process_cpu_used_percent>80 AND process_cpu_used_percent <=100,"80-100")
| stats count(host) as hosts by cpu_range
| append
[| makeresults
| fields - _time
| eval cpu_range="0-20,20-40,40-60,60-80,80-100"
| makemv cpu_range delim=","
| mvexpand cpu_range
| eval hosts=0]
| dedup cpu_range
| sort cpu_range
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Niket
Sorry to bother you but could you have a look to the topic below please
https://answers.splunk.com/answers/803891/help-on-complex-bar-chart.html
It was you that gave me the solution but I need some little changes
Could you help me please?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
its perfect many thanks
last question : I need to add a span value in my code
I have added | bin span=50m _time and | stats count(host) as hosts by cpu_range _time
does it seems to be good?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@jip31 instead of bin and stats you can directly try the timechart command...
| timechart span=15min dc(host) as "Number" by cpu_range
Following is a run anywhere example based on the SPL and details provided so far:
| makeresults count=1000
| eval delta=300
| accum delta
| eval _time=_time-delta
| fields - delta
| eval host="host", counter=random()%5
| eval counter=printf("%02d",counter),host=host.counter
| fields - counter
| eval process_cpu_used_percent=random(), process_cpu_used_percent=substr(process_cpu_used_percent,1,2)
| eval cpu_range=case(process_cpu_used_percent>0 AND process_cpu_used_percent <=20,"0-20",
process_cpu_used_percent>20 AND process_cpu_used_percent <=40,"20-40",
process_cpu_used_percent>40 AND process_cpu_used_percent <=60,"40-60",
process_cpu_used_percent>60 AND process_cpu_used_percent <=80,"60-80",
process_cpu_used_percent>80 AND process_cpu_used_percent <=100,"80-100")
| timechart span=15min dc(host) as "Number" by cpu_range
PS: The query creates 1000 data points for 5 hosts every 5 min with the cpu used percentage between 0-100.
Please try out and confirm. Do accept and up-vote the answer/comments if they helped.
| makeresults | eval message= "Happy Splunking!!!"
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
Adoption of RUM and APM at Splunk
