Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to show column chart with 0 values in field and not omit them? (example given)

ayushizile
New Member
‎03-27-2019 08:01 AM

This is the query I've written

| eval sr1=if(priority=1, 1, 0) | eval sr3=if(priority=3, 1, 0) | eval sr2=if(priority=2, 1, 0)

| table caseNumber sr1 sr2 sr3

| eventstats sum(sr3) as totalsr3, sum(sr2) as totalsr2, sum(sr1) as totalsr1

| stats first(totalsr1) first(totalsr2) first(totalsr3)

Output:
first(totalsr1) first(totalsr2) first(totalsr3)
0 1 128

But the column chart shows only 2 columns (first(totalsr2) first(totalsr3)). The data might change in future to have non-zero value in only ONE field..so I want to show column graph with zero values too and not omit them. What am I missing?

Tags (1)
0 Karma
Reply

harishalipaka
Motivator
‎03-27-2019 11:31 PM

hi @ayushizile

You have to give one x-axis or you can add |transpose to end of your query..

| eval sr1=if(priority=1, 1, 0) | eval sr3=if(priority=3, 1, 0) | eval sr2=if(priority=2, 1, 0) 
| table caseNumber sr1 sr2 sr3 
| eventstats sum(sr3) as totalsr3, sum(sr2) as totalsr2, sum(sr1) as totalsr1 
| stats first(totalsr1) first(totalsr2) first(totalsr3) |transpose
Thanks
Harish
0 Karma
Reply

ayushizile
New Member
‎03-28-2019 12:32 AM

Transpose is not working. It is giving incorrect results. what do you mean by "You have to give one x-axis "?

0 Karma
Reply

harishalipaka
Motivator
‎03-28-2019 02:41 AM

@ayushizile

It means in your query first value is taking like a x-axis .transpose will work or add another column with name or time anything ,..you will know the issue

Thanks
Harish
0 Karma
Reply

ayushizile
New Member
‎03-28-2019 04:56 AM

Unfortunately, after transpose data is incorrect. It does not just invert row and columns. The values before and after transpose is different

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...