Stacked bar graph that answers a question yes or no

jeffpaschke
Engager

I am a newbie to Splunk. I have found that I have been able to re-create most of my reports and build them out into a usable dashboard or report. I have one that I just cannot seem to get correct or get all the information into the correct way. So here is what I have:

(Source) email=*, recipient_group="*", reported_phish="*" | timechart count(reported_phish) by recipient_group 

This gets me real close; it will split out the report into the three departments and give a total of all the email phishing scenarios available in the reported_phish field in grand total. If I change to reported_phish="Yes" I get everyone that has reported the phishing test, or if I use reported_phish="No" I get the same for the people who have not reported the phish email, so I believe that the data I need is there for my graph.

What my final outcome would be is to have the chart where every department has the count of yes or no answers in a total. Below shows the grand totals, and I would like to split the department to reflect yes and no along with the grand total. Again, I apologize for not being able to find the answer. I have tried split, append, and different charts from the community and Google, and I am just drawing a total blank.

Thank You in advance

Jeff

jeffpaschke_0-1629492357975.png

 


ITWhisperer
SplunkTrust

The standard chart does not offer the capability you are after. Essentially, you have an x-axis (date in your case), a y-axis (count in your case), and a number of series (department in your case). These series can either be displayed side-by-side (as you have shown), or stacked. The functionality you require is for the series to be subdivided into yes/no and the departments to be side-by-side and the yes/no to be stacked within the departments. I have not seen a chart which matches this but that's not to say there isn't one.


jeffpaschke
Engager

ITWhisperer,

I do thank you for taking the time to answer my question. I didn't think of working in the X and Y axis of the chart to get different outcomes other than from a search point of view. I will have to dive deeper into that part to see if any other results can be found in the layout.

Again, thank you

Jeff 
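
Added example, not part of the original thread and not written by either poster: one common way to stay within the x-axis / y-axis / series model described above is to fold department and answer into a single series field before charting. The field names `recipient_group` and `reported_phish` come from the question; the `makeresults` events, the department values and the `series` field are constructed for illustration.

```spl
| makeresults count=24 ```constructed sample events, not data from the thread```
| streamstats count as n
| eval _time=relative_time(now(), "@d") - (floor((n-1)/8) * 86400)
| eval recipient_group=case(n%3==0, "Dept A", n%3==1, "Dept B", true(), "Dept C")
| eval reported_phish=if(n%4==0, "Yes", "No")
| eval series=recipient_group." / ".reported_phish ```one series per department and answer```
| timechart span=1d count by series
```

If the time axis is not needed, replacing the last two lines with `| chart count over recipient_group by reported_phish` puts departments on the x-axis with Yes and No as the series, which a column chart in stacked mode draws as one Yes/No bar per department.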
