Solved: compare no. of events with a specific value, to th...

andyk · ‎04-14-2011

I have events that looks something like this:

merchant_id=5755757 status_id=22 amount=300

Now I want to compare the number of events from one specific merchant to the number of events from all the other merchants in a stacked bar diagram split by "specific merchant" / "other merchants". How can I do this?

The diagram should show the last 30 days, with one bar per day.

Ayn · ‎04-14-2011

You could achieve this using eval to split up merchants across either your specific merchant or other merchants.

<yourbasesearch>
 | eval merchant_type=if(merchant_id==5755757,"Current merchant","Other merchants")
 | timechart span=1d count by merchant_type

View solution in original post

Ayn · ‎04-14-2011

You could achieve this using eval to split up merchants across either your specific merchant or other merchants.

<yourbasesearch>
 | eval merchant_type=if(merchant_id==5755757,"Current merchant","Other merchants")
 | timechart span=1d count by merchant_type

andyk · ‎04-18-2011

Works perfect, thanks!

compare no. of events with a specific value, to the no. events with other values

Your Guide to Splunk Digital Experience Monitoring

Data Management Digest – November 2025

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join the Conversation

compare no. of events with a specific value, to the no. events with other values

Your Guide to Splunk Digital Experience Monitoring

Data Management Digest – November 2025

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA