Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to plot a trellis chart showing the average time spent on a website?

splunkis0927
Engager
‎07-05-2022 09:33 PM

Hi Community, 

If i need Plot a trellis chart showing the average time spent on a website for each user session by browser

what's the best approach for this ?

Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-05-2022 11:40 PM

Hi @splunkis0927,

everything in Splunk is a search, so you have to create a search to have the result that you need, then you can choose the way to show your results (e.g. Trellis).

At first you have to find the results to aggregate and then aggregate them using some stremeing command like stats, something like this:

index=your_index sourcetype=your_sourcetype
| stats count BY session_id

when you have the results as a table, you can use the gui fetures of Splunk to choose the chart you like and the Trellis.

But As I said, Trellins and chart type is a secondary issue: secondary for importance and scheduling.

Ciao.

Giuseppe

Reply

splunkis0927
Engager
‎07-06-2022 12:02 AM

splunkis0927_0-1657090774239.png

thanks for the help. here is the output I am going to try,  but atm i am not sure how to aggregate these browsers in a table

splunkis0927_1-1657090835235.png

splunkis0927_2-1657090871592.png

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-06-2022 12:57 AM

Hi @splunkis0927,

the search you used is without sense!

you have to choose to use transaction ( I use it only when I don't have any other solution because it's a very slow command!) or stats.

In addition, you could also use timechart but only if you have one field for grouping (e.g. only JSESSIONID or clientip).

Then if you use _time in stats, you have also to use bin otherwise in this way you have groups that differs for a second.

try something like this:

index=main "http://www.buttercupgames"
| bin span=1h _time
| stats count BY SESSIONID clientip _time

Ciao.

Giuseppe

0 Karma
Reply

splunkis0927
Engager
‎07-06-2022 07:25 AM

Thank you so much !!

I think I have the data now, but not sure how to  Plot a trellis chart showing the average time for
each user session by browser  

 

splunkis0927_0-1657117463195.png

splunkis0927_1-1657117475162.png

 

 

Tags (1)
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...