Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

what setting display a chart on report

youngsuh
Contributor
‎03-14-2024 07:32 AM

Capture.PNG

We had PS create a report but, I can't seem to figure out what setting he set to show a time base chart without a time-based command.   He didn't use dashboard.   The graphic only shows on the report?  I want the ability to do similar type of visualization but, I can't figure what setting cause the visual output.

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

youngsuh
Contributor
‎03-15-2024 02:16 PM

I'd figure it out.  It's saving the report with the Visualization tab.  Thanks for your help in point me towards the right direction.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

youngsuh
Contributor
‎03-15-2024 02:16 PM

I'd figure it out.  It's saving the report with the Visualization tab.  Thanks for your help in point me towards the right direction.

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-14-2024 08:04 AM

The x-axis of a chart is usually the first field / column in the result events used for the chart. Check your search query to ensure that the fields are in the correct order.

0 Karma
Reply
Solved! Jump to solution

youngsuh
Contributor
‎03-14-2024 03:53 PM

Here is the SPL

index=$masked$_oracle src!=$masked$* dest=$masked$* ACTION_NAME IN ("*CREATE*","*ALTER*","*DROP*","*EXECUTE*") AND SQL_TEXT IN ("*CREATE TABLE*","*DROP TABLE*","*ALTER TABLE*","*TRUNCATE TABLE*","*CREATE FUNCTION*","*ALTER FUNCTION*","*DROP FUNCTION*","*CREATE PACKAGE BODY*","*ALTER PACKAGE BODY*","*DROP PACKAGE BODY*","*CREATE PACKAGE*","*ALTER PACKAGE*","*DROP PACKAGE*")
| stats values(user) as user values(ACTION_NAME) as dbSQLCommand, values(CLIENT_PROGRAM_NAME) as dbdlient dc(CLIENT_PROGRAM_NAME) as App_Making_chage_count dc(ACTION_NAME) as distinctSQLCommandsPerformed earliest(_time) as mostRecentTime by src, dest, SQL_TEXT
| convert ctime(mostRecentTime) 
| sort - mostRecentTime

 Here is the .conf

action.keyindicator.invert = 0
action.makestreams.param.verbose = 0
action.nbtstat.param.verbose = 0
action.notable.param.verbose = 0
action.nslookup.param.verbose = 0
action.ping.param.verbose = 0
action.risk.forceCsvResults = 1
action.risk.param.verbose = 0
action.send2uba.param.verbose = 0
action.threat_add.param.verbose = 0
action.webhook.enable_allowlist = 0
alert.track = 0
auto_summarize = 1
auto_summarize.dispatch.earliest_time = -3mon@d
cron_schedule = 0 1 * * 1
description = ```SRB Update: adjusted ACTION_NAME & SQL_TEXT Search Analyst-JYS : A/U-2024/01/10 : R/A-2024/01/12```\
dispatch.latest_time = now
display.general.type = statistics
display.page.search.mode = fast
display.page.search.tab = statistics
enableSched = 1
request.ui_dispatch_view = search
search = index=$masked$_oracle src!=$masked$* dest=$masked$* ACTION_NAME IN ("*CREATE*","*ALTER*","*DROP*","*EXECUTE*") AND SQL_TEXT IN ("*CREATE TABLE*","*DROP TABLE*","*ALTER TABLE*","*TRUNCATE TABLE*","*CREATE FUNCTION*","*ALTER FUNCTION*","*DROP FUNCTION*","*CREATE PACKAGE BODY*","*ALTER PACKAGE BODY*","*DROP PACKAGE BODY*","*CREATE PACKAGE*","*ALTER PACKAGE*","*DROP PACKAGE*")\
| stats values(user) as user values(ACTION_NAME) as dbSQLCommand, values(CLIENT_PROGRAM_NAME) as dbdlient dc(CLIENT_PROGRAM_NAME) as App_Making_chage_count dc(ACTION_NAME) as distinctSQLCommandsPerformed earliest(_time) as mostRecentTime by src, dest, SQL_TEXT\
| convert ctime(mostRecentTime) \
| sort - mostRecentTime

 I don't see any where the visualization is set.  could you rephase "The x-axis of a chart is usually the first field / column in the result events used for the chart. Check your search query to ensure that the fields are in the correct order."  I don't get it because there is no chart command or setting in the report.

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-14-2024 04:29 PM

The first field mentioned in the by clause of the final stats command (which is src) will be / is your x-axis (see your graphic)

0 Karma
Reply
Solved! Jump to solution

youngsuh
Contributor
‎03-14-2024 05:35 PM

Yes.  src is on the by clause, how do you display on the graph above the report & then table of the search results on the bottom for save report?

Or Am I not asking the question correctly?

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-15-2024 01:18 AM

OK Now I understand what you mean - you could try creating a dashboard and schedule that as a PDF delivery - iirc this has to be Classic not Studio

Reply
Get Updates on the Splunk Community!

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...