Solved: One-dimensional bar charts

helge · ‎11-23-2012

I have a single row with, say, three values. I want to visualize these values using a bar chart so that the user can easiliy see the differences between the values.

However, it does not seem to be possible to display such "one-dimensional" charts. I guess I must be missing something.

Example:

This (sample) search yields one row with three values:

index=_internal source="*metrics.log" group=per_sourcetype_thruput | stats avg(kb) median(kb) min(kb)

I want it displayed similar to this.

Is that possible? If so, how?

jonuwz · ‎11-23-2012

Try this :

index=_internal source="*metrics.log" group=per_sourcetype_thruput | stats avg(kb) as avg median(kb) as median min(kb) as min | untable ignore metric value | fields - ignore

or

index=_internal source="*metrics.log" group=per_sourcetype_thruput | stats avg(kb) as avg median(kb) as median min(kb) as min | transpose | rename column as metric "row 1" as value

View solution in original post

jonuwz · ‎11-23-2012

Try this :

index=_internal source="*metrics.log" group=per_sourcetype_thruput | stats avg(kb) as avg median(kb) as median min(kb) as min | untable ignore metric value | fields - ignore

or

index=_internal source="*metrics.log" group=per_sourcetype_thruput | stats avg(kb) as avg median(kb) as median min(kb) as min | transpose | rename column as metric "row 1" as value

helge · ‎11-23-2012

Interesting, thank you!

One-dimensional bar charts

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation