splunk query

Nith1
Path Finder

Hi,

Can someone help me with the query for the below requirement?

I have User A, User B, User C and so on, with the job status as Inprogress, To Do, Done.

I need to list the jobs assigned to all the users in the form of a bar chart, i.e. maybe User A has job status as Inprogress, To Do:

User A -- Inprogress
          To Do

User B -- To Do
          Done

Thanks


kamlesh_vaghela
SplunkTrust

@Nith1 

 

Try this.

YOUR_SEARCH
| stats values(Status) as Status by User

 

Sample:

| makeresults 
| eval _raw="User	Status
User A 	In Progess
User B 	In Progess
User C 	To do 
User A 	Done
User B 	Done
User C 	Done
" 
| multikv forceheader=1 
| table User Status 
| stats values(Status) as Status by User

 

For bar chart, can you please share more on how you want to display chart?

 

Thanks
Kamlesh Vaghela

Nith1
Path Finder

Hi @kamlesh_vaghela 

Thanks for the query. I could view the data in the form of a table, but when I change to bar chart representation it's not displaying any data. Can you please guide?

kamlesh_vaghela
SplunkTrust

@Nith1 

 

A bar chart requires some numerical value to present bars in the chart. Do you have any logic for that?

I tried just putting a 1 as a sample value and designed the below search.

YOUR_SEARCH
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

Sample:

| makeresults 
| eval _raw="User	Status
User A 	In Progess
User B 	In Progess
User C 	To do 
User A 	Done
User B 	Done
User C 	Done
" 
| multikv forceheader=1 
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

If this reply helps you, an upvote would be appreciated.

 

Thanks
Kamlesh Vaghela
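
Added example, not part of the original thread or the poster's search: where a real number per bar is wanted instead of the constant 1, counting events per User and Status provides one. The field name constructed_sample and its rows are constructed sample data; the User and Status field names follow the thread.

```spl
| makeresults
| eval constructed_sample="User A,In Progress;User A,In Progress;User A,To Do;User B,To Do;User B,Done;User C,Done;User C,Done;User C,Done"
| makemv delim=";" constructed_sample
| mvexpand constructed_sample
| rex field=constructed_sample "^(?<User>[^,]+),(?<Status>.+)$"
| chart count over User by Status
```

On real data, replace the first five lines with YOUR_SEARCH; the result has one row per User and one numeric column per Status, which the bar chart visualization can plot directly.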
