Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to chart with 2 different data over a time period?

angersleek
Path Finder
‎01-27-2020 09:41 AM 
index=my-index ns=my-namespace app_name=my-api DECISION IN (YES, NO) | chart list(DECISION) BY PRODUCT_ID

For above query, how could I possibly chart it for a query of 90 days. I want the data to be shown weekly. There are 11 possible ids for the value PRODUCT_ID.

Thus total 3 things to consider. PRODUCT_ID (11 types), DECISION (2 types) and the timeline to be shown weekly for a 90 day period.
How can I chart this in Splunk? Bit confused as to what chart would fit this scenario and how to write the query to chart this. Appreciate any advice. Thanks.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎01-27-2020 12:43 PM 
index=my-index ns=my-namespace app_name=my-api DECISION IN (YES, NO)

| fields _time DECISION PRODUCT_ID
| bin span=1d _time
| stats  values(PRODUCT_ID) as PRODUCT_ID by _time DECISION

as you like.

View solution in original post

Reply
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎01-27-2020 12:43 PM 
index=my-index ns=my-namespace app_name=my-api DECISION IN (YES, NO)

| fields _time DECISION PRODUCT_ID
| bin span=1d _time
| stats  values(PRODUCT_ID) as PRODUCT_ID by _time DECISION

as you like.

Reply
Solved! Jump to solution

skoelpin
SplunkTrust
SplunkTrust
‎01-27-2020 09:50 AM

Try this 

index=my-index ns=my-namespace app_name=my-api DECISION IN (YES, NO) earliest=-90d@d latest=now
| timechart values(DECISION) BY PRODUCT_ID
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...