Solved: Re: Help with creating a graph

jmac8994 · ‎06-23-2016

So this may be an easy question, but I am new at using splunk and I am trying to create a graph for the number of licences counted for the day. Currently we have a log that comes in formatted like this:

count_active_ip[13109]: licensed usage ok: licensed: 150 counted v4: 63 counted v6: 0

What I would like to do is take the V4 aspect( so in this case 63) and would like to make that in a bar graph over the next 7 days so it shows fluctuation within the week. Is there any possible way to do that? I am not sure what exactly I would put in to get the visualization to work properly.

Thank you

woodcock · ‎06-23-2016

Like this:

... | rex "licensed usage\s+(?<LicenseStatus>[^:]+):\s+licensed:\s+(?<LicenseLimit>\d+)\s+counted v4:\s+(?<LicenseCountedV4>\d+)\s+counted v6:\s+(?<LicenseCountedV6>\d+)" | timechart span=1h avg(LicenseCountedV4)

View solution in original post

woodcock · ‎06-23-2016

Like this:

... | rex "licensed usage\s+(?<LicenseStatus>[^:]+):\s+licensed:\s+(?<LicenseLimit>\d+)\s+counted v4:\s+(?<LicenseCountedV4>\d+)\s+counted v6:\s+(?<LicenseCountedV6>\d+)" | timechart span=1h avg(LicenseCountedV4)

Help with creating a graph

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Casting Call: Compete in Cyber Games

Announcing Modern Navigation: A New Era of Splunk User Experience

How Edge Processor's Durable Queue Works

Join the Conversation