Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

splunk query

Nith1
Path Finder
‎05-12-2021 10:43 PM

Hi 

Can someone help me with the query for the below requirment

i have User A, User B, User C and so onn with the job status as Inprogress,To Do, Done

Need to list the jobs assigned to all the users in the form of bar chart  i.e) may be USer A has job status as inprogess, to do 

User A  -- Inprogress
                    To do 

User B -To Do 
                 Done



 

 

Thanks

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎05-13-2021 02:15 AM

@Nith1 

 

Barchart requires some numerical to present bars in chart. Do you have any logic for that?

I tried just putting a 1 as sample value and designed below search. 

YOUR_SEARCH
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

Sample:

| makeresults 
| eval _raw="User	Status
User A 	In Progess
User B 	In Progess
User C 	To do 
User A 	Done
User B 	Done
User C 	Done
" 
| multikv forceheader=1 
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

If this reply helps you, an upvote would be appreciated.

 

Thanks
Kamlesh Vaghela

View solution in original post

Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎05-12-2021 10:50 PM

@Nith1 

 

Try this.

YOUR_SEARCH
| stats values(Status) as Status by User

 

Sample:

| makeresults 
| eval _raw="User	Status
User A 	In Progess
User B 	In Progess
User C 	To do 
User A 	Done
User B 	Done
User C 	Done
" 
| multikv forceheader=1 
| table User Status 
| stats values(Status) as Status by User

 

For bar chart, can you please share more on how you want to display chart?

 

Thanks
Kamlesh Vaghela

Reply
Solved! Jump to solution

Nith1
Path Finder
‎05-13-2021 01:44 AM

Hi @kamlesh_vaghela 

Thanks for the queryi could view the data in the form of taable but when i change to bar chart representation its not displaying any data can you please guide

0 Karma
Reply
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎05-13-2021 02:15 AM

@Nith1 

 

Barchart requires some numerical to present bars in chart. Do you have any logic for that?

I tried just putting a 1 as sample value and designed below search. 

YOUR_SEARCH
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

Sample:

| makeresults 
| eval _raw="User	Status
User A 	In Progess
User B 	In Progess
User C 	To do 
User A 	Done
User B 	Done
User C 	Done
" 
| multikv forceheader=1 
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

If this reply helps you, an upvote would be appreciated.

 

Thanks
Kamlesh Vaghela

Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...