Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Charts over X-days

masambaghost
Explorer
‎10-12-2019 03:01 PM

Good Day Team,

I started reading on Splunk today and I have began my exercises. I am stuck on how to generate charts (i.e bar chart, pie chart) over a particular period of time say 30days.

e.g Count bgp errors by date by Autonomous system(AS) over the last week?

Any reference info would greatly appreciate.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-13-2019 03:53 AM

Hi masambaghost,
if you want to display values (count, sum, avg ,etc...) of a field in a chart, you have to create a search and display it on a table using commands like stats or timechart or chart, etc...
When you have your table, you can display it as a graphic, Splunk interface helps you to do this.
You can create a graphic only using aggregating commands like stats or chart, not using commands like table.

i hint to follow the first Splunk tutorials:
https://www.tutorialspoint.com/splunk/index.htm
https://www.splunk.com/view/SP-CAAAH9U
https://www.youtube.com/watch?v=6lX4DOd1T-s
https://www.youtube.com/watch?v=DJ6tXTsjX_A

And Splunk training (e.g. Splunk Fundamentals I https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html )

Anyway, you have to create a search like this one:

index=_internal
| stats count BY sourcetype

And then you can display (and save in a dashboard) it as a table or a graphic.

Ciao.
Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-13-2019 03:53 AM

Hi masambaghost,
if you want to display values (count, sum, avg ,etc...) of a field in a chart, you have to create a search and display it on a table using commands like stats or timechart or chart, etc...
When you have your table, you can display it as a graphic, Splunk interface helps you to do this.
You can create a graphic only using aggregating commands like stats or chart, not using commands like table.

i hint to follow the first Splunk tutorials:
https://www.tutorialspoint.com/splunk/index.htm
https://www.splunk.com/view/SP-CAAAH9U
https://www.youtube.com/watch?v=6lX4DOd1T-s
https://www.youtube.com/watch?v=DJ6tXTsjX_A

And Splunk training (e.g. Splunk Fundamentals I https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html )

Anyway, you have to create a search like this one:

index=_internal
| stats count BY sourcetype

And then you can display (and save in a dashboard) it as a table or a graphic.

Ciao.
Giuseppe

Reply
Solved! Jump to solution

masambaghost
Explorer
‎10-13-2019 11:29 PM

Thank you for the prompt response @gcusello - I am going through your links.
Exactly what I needed. Thank you.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-13-2019 11:55 PM

Hi masambaghost,
if this answer solves your problems, please accept and/or upvote it.
Ciao and see next time.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

masambaghost
Explorer
‎10-14-2019 03:56 AM

Let me do so now - still learning, thanks man!

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...