Re: Scatter Plot with non-numeric y values

lundstrt · ‎05-02-2013

My data table looks like this:

Product TimeOfSale
Shirt   5/2/13 5:00:00.000 PM  
Shirt   5/2/13 6:00:00.000 PM  
Slacks  5/2/13 6:00:00.000 PM  
Jacket  5/2/13 7:00:00.000 PM  
Slacks  5/2/13 8:00:00.000 PM

How would I create a Scatter Plot (or some chart) where distinct products are listed on the Y-Axis and Time_Of_Sale is the X-Axis. I need a tick mark plotted for each Product for the appropriate TimeOfSale.

Essentially, I need something like:

Shirt      x    x
Slacks          x         x
Jacket               x  
          5pm  6pm  7pm  8pm

Thanks, Tom

mikelanghorst · ‎05-02-2013

One way, would be to create a lookup table assigning a numberic value to each item. So that Jacket=1, Slacks=2, Shirt=3. Then use the lookup command to convert. This assumes that the item list is known.

| lookup item_string_to_number item_name OUTPUT item_id

Then use item_id as your y-axis value

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Lookup

lundstrt · ‎05-06-2013

Thanks Mike, I used your suggestion (via a slightly different approach. I used a join with | streamstats count as item_id). The revised table now has an item_id representing a numeric y-value. There is still one problem.

My search looks like this:

... | chart values(item_id) over _time by Product

While a 'line' Chart type plots reasonably, a 'scatter' does not. Is there anything peculiar with my data or search that breaks a scatter ?

Thanks again, Tom

Scatter Plot with non-numeric y values

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...