Solved: Help with creating a graph

jmac8994 · ‎06-23-2016

So this may be an easy question, but I am new at using splunk and I am trying to create a graph for the number of licences counted for the day. Currently we have a log that comes in formatted like this:

count_active_ip[13109]: licensed usage ok: licensed: 150 counted v4: 63 counted v6: 0

What I would like to do is take the V4 aspect( so in this case 63) and would like to make that in a bar graph over the next 7 days so it shows fluctuation within the week. Is there any possible way to do that? I am not sure what exactly I would put in to get the visualization to work properly.

Thank you

woodcock · ‎06-23-2016

Like this:

... | rex "licensed usage\s+(?<LicenseStatus>[^:]+):\s+licensed:\s+(?<LicenseLimit>\d+)\s+counted v4:\s+(?<LicenseCountedV4>\d+)\s+counted v6:\s+(?<LicenseCountedV6>\d+)" | timechart span=1h avg(LicenseCountedV4)

View solution in original post

woodcock · ‎06-23-2016

Like this:

... | rex "licensed usage\s+(?<LicenseStatus>[^:]+):\s+licensed:\s+(?<LicenseLimit>\d+)\s+counted v4:\s+(?<LicenseCountedV4>\d+)\s+counted v6:\s+(?<LicenseCountedV6>\d+)" | timechart span=1h avg(LicenseCountedV4)

Help with creating a graph

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you a member of the Splunk Community?

Help with creating a graph

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...