Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

splunk visualization

chookp
Explorer
‎04-16-2020 01:10 AM

hi i had made a stats table base on below command
alt text

and under my visualization is :
alt text

i would like to ask if there is a way to have additional information at the X-axis example the current X axis have the DESCRIPTION and count(VALUE), but i would like to have the VALUE (RUN and STOP) information inside too

Tags (1)
Preview file
93 KB
Preview file
128 KB
0 Karma
Reply

chookp
Explorer
‎04-28-2020 11:34 PM

alt text

i am sorry but i have no idea how i can fix my query into the query that you have given, i am thinking of if i am able to click on the bar and it will show my VALUE base on the DESCRIPTION on top, but different ASSET_NAME have different number of DESCRIPTION and the VALUE are also different . base on the query you given you have fix the result to show as 4 and the count value as 24 i suppose?

Preview file
57 KB
0 Karma
Reply

to4kawa
Ultra Champion
‎04-29-2020 12:45 AM

Have you try my query and see the result?

I created the query from your result.

I don't know what you do not understand it.

Please see the reference and try line by line.

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Makeresults

0 Karma
Reply

to4kawa
Ultra Champion
‎04-16-2020 01:53 AM 
| makeresults count=4
| streamstats count 
| fillnull DESCRIPTION VALUE ASSET_NAME 
| eval DESCRIPTION="STN DR SUMP Pump ".ceil(count/2)." Run/Stop Status Ante RM 1"
| eval VALUE=mvindex(split("RUN/STOP","/"),(count % 2)-1)
| eval ASSET_NAME="XPO/CIV/DES/DSS11"
| eval "count(VALUE)" = 24 - ceil(count/2)
| table DESCRIPTION VALUE ASSET_NAME count(VALUE)
| rename COMMENT as "this is sample you provide. from here, the logic"

| eval ASSET_NAME=ASSET_NAME.":".VALUE 
| xyseries DESCRIPTION ASSET_NAME count(VALUE)

try Visualization >> Column Chart stacked

0 Karma
Reply

chookp
Explorer
‎04-16-2020 01:59 AM

hi thanks for the help i am able to get the visualization, but this is on a fix ASSET_NAME if i have my ASSET_NAME with a lot of variables is there a way to use REX to do it?

0 Karma
Reply

to4kawa
Ultra Champion
‎04-16-2020 02:08 AM

"this is sample you provide. from here, the logic"
try logic to your query.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...