Dashboards & Visualizations

Serial numbers for chart

srikarbaswa446
New Member

How to get a serial number for chart in Splunk?
S_no
1
2
3
4
** in a chart ** ?
Thanks in advance

0 Karma
1 Solution

cmerriman
Super Champion

if you add this to the end of your SPL, is it what you're looking for:

...|chart count by hour,wday|rex field=hour "(?<s_no>\d\.)"|rex mode=sed field=hour "s/\d\.//g"

View solution in original post

0 Karma

Sukisen1981
Champion

hi , you just need to use | Fields A,B,C in the order your need them to appear

0 Karma

cmerriman
Super Champion

if you add this to the end of your SPL, is it what you're looking for:

...|chart count by hour,wday|rex field=hour "(?<s_no>\d\.)"|rex mode=sed field=hour "s/\d\.//g"
0 Karma

srikarbaswa446
New Member

Thank you ,but serial number is getting populated in last coloumn

0 Karma

Sukisen1981
Champion

hi , you just need to use | Fields A,B,C in the order your need them to appear

| Fields s_no, field1,field2 etc etc..

0 Karma

srikarbaswa446
New Member

am getting values in a stack mode ..needed like a chart

0 Karma

Sukisen1981
Champion

sorry not clear , you are getting a stacked chart? can you share a bit more with images what you desire and what you are getting?

0 Karma

Sukisen1981
Champion

you are looking for row count probably. try this -
| streamstats count as "S_no"

0 Karma

srikarbaswa446
New Member

serial number of each row in separate coloum

0 Karma

srikarbaswa446
New Member

Thank you but i need it in a separate coloum from my other output values

0 Karma

srikarbaswa446
New Member

Especially in a query written for a CHART only

0 Karma

cmerriman
Super Champion

can you be more specific? is there other data you're using in conjunction with this? more details will help the community give a more helpful answer

0 Karma

srikarbaswa446
New Member

Yeah , Actually in a eval statement i have specified numbers for each string so that i'll get in that sequence of numbers but now i need serial number in the same sequence by removing numbers assigned to string in eval statment

|eval hour=case(hour>0 AND hour<=6,"Midnight to 6AM",hour>6 AND hour<=8,"2. 6AM to 8AM",hour>8 AND hour<=10,"3. 8AM to 10AM",hour>10 AND hour<=12,"4. 10AM to 12PM",hour>12 AND hour<=14,"5. 12PM to 2PM",hour>14 AND hour<=16,"2PM to 4PM",hour>16 AND hour<=18,"4PM to 6PM",hour>18 AND hour<=20,"8. 6PM to 8PM",hour>20 AND hour<=24,"9. 8PM to Midnight")
|chart sum(count) by hour,wday

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...