Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

what setting display a chart on report

youngsuh
Contributor
‎03-14-2024 07:32 AM

Capture.PNG

We had PS create a report but, I can't seem to figure out what setting he set to show a time base chart without a time-based command.   He didn't use dashboard.   The graphic only shows on the report?  I want the ability to do similar type of visualization but, I can't figure what setting cause the visual output.

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

youngsuh
Contributor
‎03-15-2024 02:16 PM

I'd figure it out.  It's saving the report with the Visualization tab.  Thanks for your help in point me towards the right direction.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

youngsuh
Contributor
‎03-15-2024 02:16 PM

I'd figure it out.  It's saving the report with the Visualization tab.  Thanks for your help in point me towards the right direction.

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-14-2024 08:04 AM

The x-axis of a chart is usually the first field / column in the result events used for the chart. Check your search query to ensure that the fields are in the correct order.

0 Karma
Reply
Solved! Jump to solution

youngsuh
Contributor
‎03-14-2024 03:53 PM

Here is the SPL

index=$masked$_oracle src!=$masked$* dest=$masked$* ACTION_NAME IN ("*CREATE*","*ALTER*","*DROP*","*EXECUTE*") AND SQL_TEXT IN ("*CREATE TABLE*","*DROP TABLE*","*ALTER TABLE*","*TRUNCATE TABLE*","*CREATE FUNCTION*","*ALTER FUNCTION*","*DROP FUNCTION*","*CREATE PACKAGE BODY*","*ALTER PACKAGE BODY*","*DROP PACKAGE BODY*","*CREATE PACKAGE*","*ALTER PACKAGE*","*DROP PACKAGE*")
| stats values(user) as user values(ACTION_NAME) as dbSQLCommand, values(CLIENT_PROGRAM_NAME) as dbdlient dc(CLIENT_PROGRAM_NAME) as App_Making_chage_count dc(ACTION_NAME) as distinctSQLCommandsPerformed earliest(_time) as mostRecentTime by src, dest, SQL_TEXT
| convert ctime(mostRecentTime) 
| sort - mostRecentTime

 Here is the .conf

action.keyindicator.invert = 0
action.makestreams.param.verbose = 0
action.nbtstat.param.verbose = 0
action.notable.param.verbose = 0
action.nslookup.param.verbose = 0
action.ping.param.verbose = 0
action.risk.forceCsvResults = 1
action.risk.param.verbose = 0
action.send2uba.param.verbose = 0
action.threat_add.param.verbose = 0
action.webhook.enable_allowlist = 0
alert.track = 0
auto_summarize = 1
auto_summarize.dispatch.earliest_time = -3mon@d
cron_schedule = 0 1 * * 1
description = ```SRB Update: adjusted ACTION_NAME & SQL_TEXT Search Analyst-JYS : A/U-2024/01/10 : R/A-2024/01/12```\
dispatch.latest_time = now
display.general.type = statistics
display.page.search.mode = fast
display.page.search.tab = statistics
enableSched = 1
request.ui_dispatch_view = search
search = index=$masked$_oracle src!=$masked$* dest=$masked$* ACTION_NAME IN ("*CREATE*","*ALTER*","*DROP*","*EXECUTE*") AND SQL_TEXT IN ("*CREATE TABLE*","*DROP TABLE*","*ALTER TABLE*","*TRUNCATE TABLE*","*CREATE FUNCTION*","*ALTER FUNCTION*","*DROP FUNCTION*","*CREATE PACKAGE BODY*","*ALTER PACKAGE BODY*","*DROP PACKAGE BODY*","*CREATE PACKAGE*","*ALTER PACKAGE*","*DROP PACKAGE*")\
| stats values(user) as user values(ACTION_NAME) as dbSQLCommand, values(CLIENT_PROGRAM_NAME) as dbdlient dc(CLIENT_PROGRAM_NAME) as App_Making_chage_count dc(ACTION_NAME) as distinctSQLCommandsPerformed earliest(_time) as mostRecentTime by src, dest, SQL_TEXT\
| convert ctime(mostRecentTime) \
| sort - mostRecentTime

 I don't see any where the visualization is set.  could you rephase "The x-axis of a chart is usually the first field / column in the result events used for the chart. Check your search query to ensure that the fields are in the correct order."  I don't get it because there is no chart command or setting in the report.

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-14-2024 04:29 PM

The first field mentioned in the by clause of the final stats command (which is src) will be / is your x-axis (see your graphic)

0 Karma
Reply
Solved! Jump to solution

youngsuh
Contributor
‎03-14-2024 05:35 PM

Yes.  src is on the by clause, how do you display on the graph above the report & then table of the search results on the bottom for save report?

Or Am I not asking the question correctly?

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-15-2024 01:18 AM

OK Now I understand what you mean - you could try creating a dashboard and schedule that as a PDF delivery - iirc this has to be Classic not Studio

Reply
Get Updates on the Splunk Community!

Transforming Financial Data into Fraud Intelligence

Every day, banks and financial companies handle millions of transactions, logins, and customer interactions ...

How to send events & findings from AWS to Splunk using Amazon EventBridge

Amazon EventBridge is a serverless service that uses events to connect application components together, making ...

Exciting News: The AppDynamics Community Joins Splunk!

Hello Splunkers,   I’d like to introduce myself—I’m Ryan, the former AppDynamics Community Manager, and I’m ...
Top