Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to plot a trellis chart showing the average time spent on a website?

splunkis0927
Engager
‎07-05-2022 09:33 PM

Hi Community, 

If i need Plot a trellis chart showing the average time spent on a website for each user session by browser

what's the best approach for this ?

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-05-2022 11:40 PM

Hi @splunkis0927,

everything in Splunk is a search, so you have to create a search to have the result that you need, then you can choose the way to show your results (e.g. Trellis).

At first you have to find the results to aggregate and then aggregate them using some stremeing command like stats, something like this:

index=your_index sourcetype=your_sourcetype
| stats count BY session_id

when you have the results as a table, you can use the gui fetures of Splunk to choose the chart you like and the Trellis.

But As I said, Trellins and chart type is a secondary issue: secondary for importance and scheduling.

Ciao.

Giuseppe

Reply

splunkis0927
Engager
‎07-06-2022 12:02 AM

splunkis0927_0-1657090774239.png

thanks for the help. here is the output I am going to try,  but atm i am not sure how to aggregate these browsers in a table

splunkis0927_1-1657090835235.png

splunkis0927_2-1657090871592.png

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-06-2022 12:57 AM

Hi @splunkis0927,

the search you used is without sense!

you have to choose to use transaction ( I use it only when I don't have any other solution because it's a very slow command!) or stats.

In addition, you could also use timechart but only if you have one field for grouping (e.g. only JSESSIONID or clientip).

Then if you use _time in stats, you have also to use bin otherwise in this way you have groups that differs for a second.

try something like this:

index=main "http://www.buttercupgames"
| bin span=1h _time
| stats count BY SESSIONID clientip _time

Ciao.

Giuseppe

0 Karma
Reply

splunkis0927
Engager
‎07-06-2022 07:25 AM

Thank you so much !!

I think I have the data now, but not sure how to  Plot a trellis chart showing the average time for
each user session by browser  

 

splunkis0927_0-1657117463195.png

splunkis0927_1-1657117475162.png

 

 

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...