Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to show column chart with 0 values in field and not omit them? (example given)

ayushizile
New Member
‎03-27-2019 08:01 AM

This is the query I've written

| eval sr1=if(priority=1, 1, 0) | eval sr3=if(priority=3, 1, 0) | eval sr2=if(priority=2, 1, 0)

| table caseNumber sr1 sr2 sr3

| eventstats sum(sr3) as totalsr3, sum(sr2) as totalsr2, sum(sr1) as totalsr1

| stats first(totalsr1) first(totalsr2) first(totalsr3)

Output:
first(totalsr1) first(totalsr2) first(totalsr3)
0 1 128

But the column chart shows only 2 columns (first(totalsr2) first(totalsr3)). The data might change in future to have non-zero value in only ONE field..so I want to show column graph with zero values too and not omit them. What am I missing?

Tags (1)
0 Karma
Reply

harishalipaka
Motivator
‎03-27-2019 11:31 PM

hi @ayushizile

You have to give one x-axis or you can add |transpose to end of your query..

| eval sr1=if(priority=1, 1, 0) | eval sr3=if(priority=3, 1, 0) | eval sr2=if(priority=2, 1, 0) 
| table caseNumber sr1 sr2 sr3 
| eventstats sum(sr3) as totalsr3, sum(sr2) as totalsr2, sum(sr1) as totalsr1 
| stats first(totalsr1) first(totalsr2) first(totalsr3) |transpose
Thanks
Harish
0 Karma
Reply

ayushizile
New Member
‎03-28-2019 12:32 AM

Transpose is not working. It is giving incorrect results. what do you mean by "You have to give one x-axis "?

0 Karma
Reply

harishalipaka
Motivator
‎03-28-2019 02:41 AM

@ayushizile

It means in your query first value is taking like a x-axis .transpose will work or add another column with name or time anything ,..you will know the issue

Thanks
Harish
0 Karma
Reply

ayushizile
New Member
‎03-28-2019 04:56 AM

Unfortunately, after transpose data is incorrect. It does not just invert row and columns. The values before and after transpose is different

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...