Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I chart top categories over time?

POR160893
Builder
‎03-21-2022 06:00 AM

Hi,

I need to create a chart to show top categories per time.

At the moment, the timechart I am getting is placing the time axis on the y-axis and the categories on the x-axis. In addition, there are over 50 possible categories and the user should be seeing the top 20 categories with the respective count for each time period. So I would imagine 20 line of the graph, no?

Here is what I currently have:

POR160893_0-1647867579949.png

 



Can you please help?


Many thanks,

Patrick

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-21-2022 06:05 AM

Change the chart type from Bar chart to Column chart

Reply

POR160893
Builder
‎03-21-2022 06:22 AM

Thanks 🙂

As I am showing the top categories by count over time, one of the categories makes up over 98% of the entries,. So, one the chart, that entry appears to be the only category being hit. 

POR160893_0-1647868943770.png

 



Is it possible to shew the the count bar so that the other categories become visible too?


0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-21-2022 06:34 AM

A couple of things you could try.

Change the y-axis scale to a logarithmic scale.

ITWhisperer_0-1647869493558.png

Move the high volume category into an overlay with View as Axis On.

ITWhisperer_1-1647869647783.png

 

Reply

POR160893
Builder
‎03-21-2022 06:51 AM

Perfect, this solved my issue 100% 😀

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...