Solved: One-dimensional bar charts

helge · ‎11-23-2012

I have a single row with, say, three values. I want to visualize these values using a bar chart so that the user can easiliy see the differences between the values.

However, it does not seem to be possible to display such "one-dimensional" charts. I guess I must be missing something.

Example:

This (sample) search yields one row with three values:

index=_internal source="*metrics.log" group=per_sourcetype_thruput | stats avg(kb) median(kb) min(kb)

I want it displayed similar to this.

Is that possible? If so, how?

jonuwz · ‎11-23-2012

Try this :

index=_internal source="*metrics.log" group=per_sourcetype_thruput | stats avg(kb) as avg median(kb) as median min(kb) as min | untable ignore metric value | fields - ignore

or

index=_internal source="*metrics.log" group=per_sourcetype_thruput | stats avg(kb) as avg median(kb) as median min(kb) as min | transpose | rename column as metric "row 1" as value

View solution in original post

jonuwz · ‎11-23-2012

Try this :

index=_internal source="*metrics.log" group=per_sourcetype_thruput | stats avg(kb) as avg median(kb) as median min(kb) as min | untable ignore metric value | fields - ignore

or

index=_internal source="*metrics.log" group=per_sourcetype_thruput | stats avg(kb) as avg median(kb) as median min(kb) as min | transpose | rename column as metric "row 1" as value

helge · ‎11-23-2012

Interesting, thank you!

One-dimensional bar charts

The OpenTelemetry Certified Associate (OTCA) Exam

From Manual to Agentic: Level Up Your SOC at Cisco Live

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Join the Conversation

One-dimensional bar charts

The OpenTelemetry Certified Associate (OTCA) Exam

From Manual to Agentic: Level Up Your SOC at Cisco Live

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)