Hello Splunk Family,
I am looking for help on making a graph in Splunk.
I am trying to monitor the amount of transactions by different methods names with different objects and separate that by date.
Here is an example of the data I have
| Date |
Object Type |
Object Name |
Total Transactions |
| Aug 1 |
LibPush |
Root |
15 |
| Aug 1 |
LibPush |
ProcessQueue |
12 |
| Aug 1 |
LibPush |
Failed |
2 |
| Aug 1 |
Company |
ChangeConfigSet |
34 |
| Aug 1 |
Company |
CleanUpMsg |
15 |
| Aug 1 |
Company |
GetMsg |
32 |
| Aug 1 |
Company |
SendMSG |
13 |
| Aug 2 |
LibPush |
Root |
15 |
| Aug 2 |
LibPush |
ProcessQueue |
12 |
| Aug 2 |
LibPush |
Failed |
2 |
| Aug 2 |
Company |
ChangeConfigSet |
34 |
| Aug 2 |
Company |
CleanUpMsg |
15 |
| Aug 2 |
Company |
GetMsg |
32 |
| Aug 2 |
Company |
SendMSG |
45 |
| Aug 3 |
LibPush |
Root |
15 |
| Aug 3 |
LibPush |
ProcessQueue |
12 |
| Aug 3 |
LibPush |
Failed |
2 |
| Aug 3 |
Company |
ChangeConfigSet |
34 |
| Aug 3 |
Company |
CleanUpMsg |
15 |
| Aug 3 |
Company |
GetMsg |
32 |
| Aug 3 |
Company |
SendMSG |
45 |
The only thing is that there are a lot of Object Types and Object Names so maybe the top 10 object types per day.
Here is a lame attempt at a drawing of what I want.
Here is the code I got so far
[mycode] | bin _time span=1d| chart count(indexid) over actionelementname by actionelementtype
but it is missing the date and it is not stacked.
Any help would be deeply appreciated!
