Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I make a different bar chart for each day in a given timerange ?

sandeepmakkena
Contributor
‎10-10-2018 08:32 AM

mysearch

| eval Status=if(like(_raw, "%POSTING:SUCCEEDED%"), "2.Successful transactions" , "1.Rejected Transactions") 
| timechart count by Status span=1hr | timewrap 1day

I am trying to compare today's total successful transactions and rejected transactions with past 2days, past3days...past7days. I am trying to use the above query, but it is getting me a separate bar graph from successful and rejected( I want them to be stacked) Please help me achieve this.
Thank you.,

0 Karma
Reply

Vijeta
Influencer
‎10-10-2018 08:46 AM

You can change the format to stack mode from Visualization format.

0 Karma
Reply

sandeepmakkena
Contributor
‎10-10-2018 08:55 AM

I tried that it didnot work. It is giving me a big bar graph will all days selected with different colors.

0 Karma
Reply

Vijeta
Influencer
‎10-10-2018 09:30 AM

You need to combine last 2 days as one , you can do that by renaming and eval. Also since you are comparing current date with last 2 days
|rename "2.Successful transactions_1day_before" as Last_Success_1, rename "1.Rejected Transactions_1day_before" as Last_Rejected_1, "2.Successful transactions_2day_before" as Last_Success_2, rename "1.Rejected Ttransactions_2day_before" as Last_Rejected_2
|eval Last_Success=Last_Success_1 + Last_Success_2
|eval Last_Rejected= Last_Rejected_1 + Last_Rejected_2
| fields _time Last_Success Last_Rejected 2.Successful transactions_latest_day "1.Rejected Transactions_latest_day"

0 Karma
Reply

sandeepmakkena
Contributor
‎10-10-2018 10:07 AM

Thanks for the info, but let’s say if I want to compare last 7days should I keep on renaming all the days If so I think there should be a better way. Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...