splunk query

Nith1
Path Finder

Hi,

Can someone help me with the query for the below requirement?

I have User A, User B, User C and so on, with the job status as Inprogress, To Do, Done.

I need to list the jobs assigned to all the users in the form of a bar chart, i.e. maybe User A has job status as inprogress, to do:

User A -- Inprogress
          To Do

User B -- To Do
          Done

Thanks


kamlesh_vaghela
SplunkTrust

@Nith1 

 

Try this.

YOUR_SEARCH
| stats values(Status) as Status by User

 

Sample:

| makeresults 
| eval _raw="User	Status
User A 	In Progess
User B 	In Progess
User C 	To do 
User A 	Done
User B 	Done
User C 	Done
" 
| multikv forceheader=1 
| table User Status 
| stats values(Status) as Status by User

 

For the bar chart, can you please share more on how you want to display the chart?

 

Thanks
Kamlesh Vaghela

Nith1
Path Finder

Hi @kamlesh_vaghela 

Thanks for the query. I could view the data in the form of a table, but when I change to the bar chart representation it's not displaying any data. Can you please guide?


kamlesh_vaghela
SplunkTrust

@Nith1 

 

A bar chart requires some numerical value to present bars in the chart. Do you have any logic for that?

I tried just putting a 1 as a sample value and designed the below search.

YOUR_SEARCH
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

Sample:

| makeresults 
| eval _raw="User	Status
User A 	In Progess
User B 	In Progess
User C 	To do 
User A 	Done
User B 	Done
User C 	Done
" 
| multikv forceheader=1 
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

If this reply helps you, an upvote would be appreciated.

 

Thanks
Kamlesh Vaghela
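
An added example, not part of the original thread or of any poster's reply: if the number each bar should show is how many jobs a user has in each status, `chart count over User by Status` produces one numeric column per status, which the bar chart visualization can plot directly. The sample rows are constructed for illustration, and counting jobs per status is an assumption about the requirement.

```spl
| makeresults
``` constructed sample data: one "User,Status" pair per job ```
| eval row=split("User A,In Progress;User A,To Do;User A,To Do;User B,To Do;User B,Done;User C,Done", ";")
| mvexpand row
| eval User=mvindex(split(row, ","), 0), Status=mvindex(split(row, ","), 1)
``` trim stray whitespace so "To Do " and "To Do" land in the same column ```
| eval User=trim(User), Status=trim(Status)
``` one row per User, one numeric column per Status value ```
| chart count over User by Status
```

Replace everything above the `trim` line with your own base search; in the Visualization tab each status then appears as its own bar series per user.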
