Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

splunk query

Nith1
Path Finder
‎05-12-2021 10:43 PM

Hi 

Can someone help me with the query for the below requirment

i have User A, User B, User C and so onn with the job status as Inprogress,To Do, Done

Need to list the jobs assigned to all the users in the form of bar chart  i.e) may be USer A has job status as inprogess, to do 

User A  -- Inprogress
                    To do 

User B -To Do 
                 Done



 

 

Thanks

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎05-13-2021 02:15 AM

@Nith1 

 

Barchart requires some numerical to present bars in chart. Do you have any logic for that?

I tried just putting a 1 as sample value and designed below search. 

YOUR_SEARCH
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

Sample:

| makeresults 
| eval _raw="User	Status
User A 	In Progess
User B 	In Progess
User C 	To do 
User A 	Done
User B 	Done
User C 	Done
" 
| multikv forceheader=1 
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

If this reply helps you, an upvote would be appreciated.

 

Thanks
Kamlesh Vaghela

View solution in original post

Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎05-12-2021 10:50 PM

@Nith1 

 

Try this.

YOUR_SEARCH
| stats values(Status) as Status by User

 

Sample:

| makeresults 
| eval _raw="User	Status
User A 	In Progess
User B 	In Progess
User C 	To do 
User A 	Done
User B 	Done
User C 	Done
" 
| multikv forceheader=1 
| table User Status 
| stats values(Status) as Status by User

 

For bar chart, can you please share more on how you want to display chart?

 

Thanks
Kamlesh Vaghela

Reply
Solved! Jump to solution

Nith1
Path Finder
‎05-13-2021 01:44 AM

Hi @kamlesh_vaghela 

Thanks for the queryi could view the data in the form of taable but when i change to bar chart representation its not displaying any data can you please guide

0 Karma
Reply
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎05-13-2021 02:15 AM

@Nith1 

 

Barchart requires some numerical to present bars in chart. Do you have any logic for that?

I tried just putting a 1 as sample value and designed below search. 

YOUR_SEARCH
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

Sample:

| makeresults 
| eval _raw="User	Status
User A 	In Progess
User B 	In Progess
User C 	To do 
User A 	Done
User B 	Done
User C 	Done
" 
| multikv forceheader=1 
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

If this reply helps you, an upvote would be appreciated.

 

Thanks
Kamlesh Vaghela

Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...