Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I make a different bar chart for each day in a given timerange ?

sandeepmakkena
Contributor
‎10-10-2018 08:32 AM

mysearch

| eval Status=if(like(_raw, "%POSTING:SUCCEEDED%"), "2.Successful transactions" , "1.Rejected Transactions") 
| timechart count by Status span=1hr | timewrap 1day

I am trying to compare today's total successful transactions and rejected transactions with past 2days, past3days...past7days. I am trying to use the above query, but it is getting me a separate bar graph from successful and rejected( I want them to be stacked) Please help me achieve this.
Thank you.,

0 Karma
Reply

Vijeta
Influencer
‎10-10-2018 08:46 AM

You can change the format to stack mode from Visualization format.

0 Karma
Reply

sandeepmakkena
Contributor
‎10-10-2018 08:55 AM

I tried that it didnot work. It is giving me a big bar graph will all days selected with different colors.

0 Karma
Reply

Vijeta
Influencer
‎10-10-2018 09:30 AM

You need to combine last 2 days as one , you can do that by renaming and eval. Also since you are comparing current date with last 2 days
|rename "2.Successful transactions_1day_before" as Last_Success_1, rename "1.Rejected Transactions_1day_before" as Last_Rejected_1, "2.Successful transactions_2day_before" as Last_Success_2, rename "1.Rejected Ttransactions_2day_before" as Last_Rejected_2
|eval Last_Success=Last_Success_1 + Last_Success_2
|eval Last_Rejected= Last_Rejected_1 + Last_Rejected_2
| fields _time Last_Success Last_Rejected 2.Successful transactions_latest_day "1.Rejected Transactions_latest_day"

0 Karma
Reply

sandeepmakkena
Contributor
‎10-10-2018 10:07 AM

Thanks for the info, but let’s say if I want to compare last 7days should I keep on renaming all the days If so I think there should be a better way. Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...