Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Not able to draw bar chart

uppukumar
Explorer
‎07-05-2019 05:55 AM

Hi All,

<|script python afiStatistics afiStats >
Above query Result is following output:

Type Count
Allowed 11
Blocked 12

With the above query i want create Bar chart, But it is not able to draw the chart

Expected output
|
Type|--------------------------------------------
|--------------------------
|
Count

advance Thanks,

0 Karma
Reply

woodcock
Esteemed Legend
‎07-06-2019 02:01 PM

Just add | table Type Count to change the order of the fields; here is a run-anywhere example:

| makeresults 
| eval raw="Type=Allowed,Count=11 Type=Blocked,Count=12" 
| makemv raw 
| mvexpand raw 
| rename raw As _raw 
| kv
| fields - _*
| table Type Count
0 Karma
Reply

rbechtold
Communicator
‎07-05-2019 11:29 AM

Hey Uppukumar!

Let me know if this works for you:

...BASE SEARCH...
| table Type Count 
| chart values(Count) AS Count by Type 
| sort - Count

Make sure the "Bar Chart" is selected as your visualization type, and your data should display the way you described.

Since the count is already aggregated in your data, the values function should work for you.

If you would prefer aggregate your data or chart it in a different way, refer to the "Stats function options" section of the Splunk chart documentation.

https://docs.splunk.com/Documentation/Splunk/7.3.0/SearchReference/Chart

Let me know if you have any problems!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...