Solved: Chart with count statistics associated time from m...

splunksuperman

Hi Guys,

I have one master list that inculdes all items, and I want to consolidate two other time-related tables into a single chart, as shown in the example below.

master list

time-related table 1

time-related table 2

result chart

And could I use the chart to produce the pivot chart in Splunk?

ITWhisperer

Try something like this

| makeresults format=csv data="no,item
1,A
2,B
3,C
4,D
5,E"
| append
    [| makeresults format=csv data="date,item
    2024/10/1,A
    2024/10/1,B
    2024/10/1,C"]
| append
    [| makeresults format=csv data="date,item
    2024/10/2,C
    2024/10/2,D"]
``` The lines above represent your sample data appended together ```
| chart count by item date
| fields - NULL
| untable item date count

View solution in original post

ITWhisperer

Try something like this

| makeresults format=csv data="no,item
1,A
2,B
3,C
4,D
5,E"
| append
    [| makeresults format=csv data="date,item
    2024/10/1,A
    2024/10/1,B
    2024/10/1,C"]
| append
    [| makeresults format=csv data="date,item
    2024/10/2,C
    2024/10/2,D"]
``` The lines above represent your sample data appended together ```
| chart count by item date
| fields - NULL
| untable item date count

splunksuperman

You are so great!

Chart with count statistics associated time from multiple table

chart

stats

timechart

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Explore the Latest Educational Offerings from Splunk (November Releases)

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...