Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Problem to make my bar chart to be stacked

martinovm
Explorer
‎10-29-2013 11:22 AM

Hi ,
I’m on Splunk version 4.3.2I have a simple query that I can render as a bar chart but I’ve a problem to make my bar chart to be stacked. Is there any requirement for the Splunk query in order to produce proper stacked bar chart. Is there something that I need to know?
Thanks,
Martin

Tags (2)
0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎10-29-2013 12:03 PM

The only search-language piece, is to make sure you're using the timechart or chart command to have one field's values basically down the left hand side of the table, and a second field's values listed along the column headers of the table. It looks like you're doing this already, and the rest of it is not something you do in the search language but rather in the dashboard settings.

If you're using the dashboard wizard UI look inside the "Edit Visualization" options for a "stacked" option. It should be pretty easy to find.

If you're hand-editing simple XML, then add 

<option name="charting.chart.stackMode">stacked</option>

inside your <chart> element.

and if you're using the "Advanced XML", then put 

<param name="charting.chart.stackMode">stacked</param>

inside a HiddenChartFormatter just upstream from your JSChart or FlashChart.

Reply

martinovm
Explorer
‎10-31-2013 07:29 AM

Hey, thanks a lot for your response. I’ve used the stacked
inside a HiddenChartFormatter but it hasn’t helped. The solution was to add proper second breakthrough parameter to the chart.In my case it was request_id: so I’ve changed my search query to this one:
index=* request_id=$request_id$ |rex_stats|eval System_CPU_load = round(System_CPU_load *100,2)|stats max(System_CPU_load) as max_cpu_usage by request_id,task_id,phase_id|chart avg(max_cpu_usage) by request_id,phase_id|rename avg(max_cpu_usage) as "Average CPU Usage(%)"

0 Karma
Reply

qbolbk59
Path Finder
‎11-30-2018 04:52 AM

Hi @sideview

I am also facing the same issue. I am using the below query to generate a stacked bar graph but somehow it's not giving me stacked bar graph output. I tried selecting the stacked graph option but didn't helped. Also tried adding the XML entry but still no luck.

Query:
|inputlookup Tickets2.csv |search Status=Pending | eval tnow=now() | eval ptime=strptime(Logged_on,"%d/%m/%Y") | eval age=tnow-ptime | search age<1296000 | stats count by Logged_on,Type

Not sure what's the error.

0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎11-30-2018 04:10 PM

stats count by Logged_on, Type will give you what's sometimes called "stats style" output rows. This isn't what you want, and it can't really be "stacked".

What you want is chart count over Logged_on by Type, and this is called "chart style" output rows.

And last but not least, "chart style" rows can be stacked.

Further reading - sometimes in really advanced cases you need to kinda flip things around from one style of rows to another, and this is what xyseries and untable are for, if you've ever wondered. xyseries is an advanced command whose main purpose in life is to turn "stats style" output rows into "chart style" output rows, and untable does the opposite.

Reply

qbolbk59
Path Finder
‎12-07-2018 01:56 AM

Hi @sideview ... indeed. chart count by works fine for me. Thanks for the help.

0 Karma
Reply

martinovm
Explorer
‎10-29-2013 11:46 AM

Thanks, this is the search I've been playing with:
index=* request_id=$request_id$ |`rex_stats`|eval System_CPU_load = round(System_CPU_load *100\,2)|stats max(System_CPU_load) as max_cpu_usage by task_id,phase_id|eval xlabel=phase_id|chart avg(max_cpu_usage) by xlabel,phase_id|rename xlabel AS phase_id|rename avg(max_cpu_usage) as "Average CPU Usage(%)"

0 Karma
Reply

lukejadamec
Super Champion
‎10-29-2013 11:33 AM

What is your search?

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...