How do I use the columns in a CSV file to create a...

angshul · ‎07-08-2019

Hi, I'm new to Splunk and I'm trying to create some visualizations on a Splunk dashboard using some CSV data. My data has the following columns:
{Id, SId, Timestamp, EId, Sev}.
I need to create a bar graph with timestamp on X-axis and Sev on the Y-axis. Any help regarding this?

harish_l · ‎07-09-2019

Please use the below query,

| inputlookup myData.csv | eval _time=strftime(_time,"%m-%d-%Y %H:%M:%S.%Q") | timechart count by Sev

richgalloway · ‎07-08-2019

See if this gets you started. You'll need to replace with a time format string that matches the format of Timestamp. I've assumed 'Sev' is a numeric field. If it isn't then change 'max' to 'values'.

| inputlookup myData.csv | eval _time = strptime(Timestamp, "<format string>") | timechart max(Sev)

---
If this reply helps you, Karma would be appreciated.

angshul · ‎07-09-2019

@richgalloway , I'm getting the following error on running the command:

Error in 'timechart' command: The specifier 'SEV' is invalid. It must be in form (). For example: max(size).

Looks like it only accepts a function like count or max for the timechart command.

richgalloway · ‎07-10-2019

Sorry about that. Answer is corrected.

---
If this reply helps you, Karma would be appreciated.

How do I use the columns in a CSV file to create a bar graph on a dashboard?

Splunk Observability as Code: From Zero to Dashboard

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Shape the Future of Splunk: Join the Product Research Lab!

Are you a member of the Splunk Community?

How do I use the columns in a CSV file to create a bar graph on a dashboard?

Splunk Observability as Code: From Zero to Dashboard

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Shape the Future of Splunk: Join the Product Research Lab!