Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Charts over X-days

masambaghost
Explorer
‎10-12-2019 03:01 PM

Good Day Team,

I started reading on Splunk today and I have began my exercises. I am stuck on how to generate charts (i.e bar chart, pie chart) over a particular period of time say 30days.

e.g Count bgp errors by date by Autonomous system(AS) over the last week?

Any reference info would greatly appreciate.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-13-2019 03:53 AM

Hi masambaghost,
if you want to display values (count, sum, avg ,etc...) of a field in a chart, you have to create a search and display it on a table using commands like stats or timechart or chart, etc...
When you have your table, you can display it as a graphic, Splunk interface helps you to do this.
You can create a graphic only using aggregating commands like stats or chart, not using commands like table.

i hint to follow the first Splunk tutorials:
https://www.tutorialspoint.com/splunk/index.htm
https://www.splunk.com/view/SP-CAAAH9U
https://www.youtube.com/watch?v=6lX4DOd1T-s
https://www.youtube.com/watch?v=DJ6tXTsjX_A

And Splunk training (e.g. Splunk Fundamentals I https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html )

Anyway, you have to create a search like this one:

index=_internal
| stats count BY sourcetype

And then you can display (and save in a dashboard) it as a table or a graphic.

Ciao.
Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-13-2019 03:53 AM

Hi masambaghost,
if you want to display values (count, sum, avg ,etc...) of a field in a chart, you have to create a search and display it on a table using commands like stats or timechart or chart, etc...
When you have your table, you can display it as a graphic, Splunk interface helps you to do this.
You can create a graphic only using aggregating commands like stats or chart, not using commands like table.

i hint to follow the first Splunk tutorials:
https://www.tutorialspoint.com/splunk/index.htm
https://www.splunk.com/view/SP-CAAAH9U
https://www.youtube.com/watch?v=6lX4DOd1T-s
https://www.youtube.com/watch?v=DJ6tXTsjX_A

And Splunk training (e.g. Splunk Fundamentals I https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html )

Anyway, you have to create a search like this one:

index=_internal
| stats count BY sourcetype

And then you can display (and save in a dashboard) it as a table or a graphic.

Ciao.
Giuseppe

Reply
Solved! Jump to solution

masambaghost
Explorer
‎10-13-2019 11:29 PM

Thank you for the prompt response @gcusello - I am going through your links.
Exactly what I needed. Thank you.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-13-2019 11:55 PM

Hi masambaghost,
if this answer solves your problems, please accept and/or upvote it.
Ciao and see next time.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

masambaghost
Explorer
‎10-14-2019 03:56 AM

Let me do so now - still learning, thanks man!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...