Re: Setting 2 X-Axis Values in a Chart

elomotanpru · ‎05-19-2022

Hey everyone,

Currently making a report for my team that requires to have two X-Axis values based on the excel sheet shared with me. Below are some screenshots of the desired output, my progress so far, and search query based on what I have learned so far.

The goal:

What I am familiar with using chart in the search:

My search string

| eval DATE=strftime(strptime(DATE,"%d%b%Y"),"%Y-%m-%d")
| eval _time=strptime(DATE." ","%Y-%m-%d")
| where _time >= strptime("$from$", "%m/%d/%Y") AND _time <= strptime("$to$", "%m/%d/%Y")
| eval epochtime=strptime(TIME, "%H:%M:%S")| eval desired_time=strftime(epochtime, "%I:%M:%S %p")
| chart sum(VIO_PAGING_SEC) as "$lpar$ Sum of VIO_PAGING_SEC" sum(SYSTEM_PAGEFAULTS_SEC) as "$lpar$ SYSTEM_PAGEFAULTS_SEC" sum(SWAP_PAGIN_SEC) as "$lpar$ SWAP_PAGIN_SEC" sum(LOCAL_PAGEFAULTS_SEC) as "$lpar$ LOCAL_PAGEFAULTS_SEC" over desired_time

ITWhisperer · ‎05-19-2022

This is not possible with standard charts

elomotanpru · ‎05-19-2022

Is there a way to implement not using charts with the default Splunk dashboard capabilities?

How to set 2 X-Axis Values in a Chart?

chart

panel

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability for AI

Are you a member of the Splunk Community?