Solved: Chart Top Seller Between Three Regions Per Year

rfernandez2010 · ‎11-30-2017

Hello I'm new to Splunk and I'm stuck trying to create what should be a simple table.

Basically, I have a database of all video games every made since 1980. I have each games European, Japanese and North American sales. I wanted to see how the sales in each nation region to the others per year.

index=vgsales |chart sum(EU_Sales) as EUSALES sum(JP_Sales) as JPSALES sum(NA_Sales) as NASALES by year

I wanted to know if it is possible to isolate the top performing region per year. I've tried many times to do this but just can't figure it out. This would be extremely helpful as my classmate would also like to chart the top selling genre per year.

Thanks in advance for the help.

woodcock · ‎11-30-2017

Try this:

index=vgsales
| eval date_year=strftime(_time, "%Y")
| stats sum(EU_Sales) AS EUSALES sum(JP_Sales) AS JPSALES sum(NA_Sales) AS NASALES BY date_year
| untable date_year country sales
| sort 0 - sales
| dedup date_year

View solution in original post

woodcock · ‎11-30-2017

Try this:

index=vgsales
| eval date_year=strftime(_time, "%Y")
| stats sum(EU_Sales) AS EUSALES sum(JP_Sales) AS JPSALES sum(NA_Sales) AS NASALES BY date_year
| untable date_year country sales
| sort 0 - sales
| dedup date_year

Chart Top Seller Between Three Regions Per Year

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms