Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

RatioBar Example Usage

srepetsk
New Member
‎08-15-2011 11:33 AM

I'm fairly inexperienced with writing complex charting XML in Splunk, and I'd like to see if anyone has an example for how to use RatioBar graphs. I'd like to create a graph of the count of all events over time, with the bars splitting out into the ratio of which hosts they came from (perhaps limiting to the top 5 or something). Thanks in advance

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

BobM
Builder
‎08-15-2011 02:40 PM

The easiest way to do this is in the advanced charting view.

Search app >> views >> advanced charting

... | timechart count by <field> limit=5 useother=f

Set chart type to "column" and stack mode to "stacked" or "100% stacked" if you prefer.

View solution in original post

Reply
Solved! Jump to solution
Solution

BobM
Builder
‎08-15-2011 02:40 PM

The easiest way to do this is in the advanced charting view.

Search app >> views >> advanced charting

... | timechart count by <field> limit=5 useother=f

Set chart type to "column" and stack mode to "stacked" or "100% stacked" if you prefer.

Reply
Solved! Jump to solution

srepetsk
New Member
‎08-18-2011 07:55 AM

Excellent! Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Digital Resilience Assessment Launch | How prepared are you for disruption?

Disruption is inevitable. The question is – how prepared are you to handle it? In today’s fast-moving digital ...

Buttercup Games: Further Dashboarding Techniques (Part 2)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Index This | What is the next number in the series? 7,645 5,764 4,576…

February 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...