Dashboards & Visualizations

How to rename xyseries columns?

ttriman
Engager

Hello - I am trying to rename column produced using xyseries for splunk dashboard.
Can I do that or do I need to update our raw splunk log?

The log event details=

 

 

data: { [-]
     errors: [ [+]
     ]
     failed: false
     failureStage: null
     event: GeneratePDF
     jobId: 144068b1-46d8-4e6f-b3a9-ead742641ffd
     pageCount: 1
     pdfSizeInMb: 7.250756
     }
     userId: user1@user.com

 

 

 

the current splunk query I have is -

 

 

 

 | stats count by data.userId, data.failed | xyseries data.userId, data.failed count

 

 

 


Currently - my data is returning as follows

data.userId false true
User1@user.com 2  
User2@user.com 3 1
User3@user.com 2 2

 


Can I rename false = Successful and true = Failed?

 

Thank you in advance

Labels (1)
Tags (2)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Yes, you can rename the fields either before or after xyseries.

After:

 

| stats count by data.userId, data.failed 
| xyseries data.userId, data.failed count
| rename false AS Successful, true AS Failed

 

Before:

 

| stats count by data.userId, data.failed 
| eval data.failed = if(data.failed="false", "Successful", "Failed")
| xyseries data.userId, data.failed count

 

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

ttriman
Engager

That works!! Thank you so much for the fast reply!

richgalloway
SplunkTrust
SplunkTrust

Yes, you can rename the fields either before or after xyseries.

After:

 

| stats count by data.userId, data.failed 
| xyseries data.userId, data.failed count
| rename false AS Successful, true AS Failed

 

Before:

 

| stats count by data.userId, data.failed 
| eval data.failed = if(data.failed="false", "Successful", "Failed")
| xyseries data.userId, data.failed count

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...