Solved: Can you help me visualize my input lookup file?

dinaabdelhakam · ‎12-10-2018

Hello There,

I have a file CSV as shown in the attached screenshot. I want someone to help me to draw these dates on the xaxis and the streams on yaxis and the values are shown on a secondary Y -axis

whrg · ‎12-10-2018

The transpose command is your friend here: It converts rows to columns.

The real difficulty lies in your date format. They are sorted lexicographically: Apr < Aug < Dec < Feb < ...

Try this out:

your base search
| transpose header_field=Streams column_name=Date
| eval Date=Date+"-01" | eval Date=strptime(Date,"%b-%y-%d") | sort Date | eval Date=strftime(Date,"%Y-%m")

This should get you something like this which can be graphed with a line chart:

Date       StreamA    StreamB    ...
2018-01    788        571        ...
2018-02    780        538        ...
...        ...        ...        ...

Apparently, using strptime() without the day does not work. So I added "-01" to the date.

View solution in original post

whrg · ‎12-10-2018

The transpose command is your friend here: It converts rows to columns.

The real difficulty lies in your date format. They are sorted lexicographically: Apr < Aug < Dec < Feb < ...

Try this out:

your base search
| transpose header_field=Streams column_name=Date
| eval Date=Date+"-01" | eval Date=strptime(Date,"%b-%y-%d") | sort Date | eval Date=strftime(Date,"%Y-%m")

This should get you something like this which can be graphed with a line chart:

Date       StreamA    StreamB    ...
2018-01    788        571        ...
2018-02    780        538        ...
...        ...        ...        ...

Apparently, using strptime() without the day does not work. So I added "-01" to the date.

Can you help me visualize my input lookup file?

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio