Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Create a stacked bar chart based on transactions

zd00191
Communicator
‎07-07-2015 08:28 AM

I have transactions with a start time and end time. I have created a search to get the 10 jobs with the largest durations for each day of the week over the last seven days. I want to create a stacked bar chart that will display the day on the vertical access with the 10 jobs with the largest average duration stacked on top of each other. The horizontal axis needs to be the duration. Here is my search. Any help is much appreciated!

index=ko_autosys sourcetype=autosys_applog_scheduler_events host="usatlb98" OR host="usatlb91" System="SAP FILO" JOB_NAME="*" | transaction JOB_NAME startswith="START*" unifyends=true |convert timeformat="%b %d, %Y %I:%M:%S %P" ctime(_time) AS "Start Time" |top 10 avg(duration), JOB_NAME by date_wday
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-07-2015 10:40 AM

Something along these lines:

...  | transaction JOB_NAME startswith="START*" unifyends=true | timechart limit=10 span=1d useother=f avg(duration) by JOB_NAME

Based on your description it sounds as if you'll want to display this as a stacked bar chart, making the horizontal X-axis display the duration.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-07-2015 10:40 AM

Something along these lines:

...  | transaction JOB_NAME startswith="START*" unifyends=true | timechart limit=10 span=1d useother=f avg(duration) by JOB_NAME

Based on your description it sounds as if you'll want to display this as a stacked bar chart, making the horizontal X-axis display the duration.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-07-2015 01:18 PM

So... you want each block to be the same length, regardless of duration?

If so, add an eval duration = 1 between the transaction and the timechart.

0 Karma
Reply
Solved! Jump to solution

zd00191
Communicator
‎07-07-2015 02:30 PM

Each transaction is a job run.

In the last seven days,

For each day, show me the top ten jobs with the longest average duration

In other words, calculate the top ten jobs withe longest average duration for each day and then display those ten jobs stacked on top of one another for each day based on the duration length.

The duration length should be on the horizontal axis, and each day ofthe week should be on the vertical axis with 10 sections per bar, one bar per day. Each section of the bar represents one of the top ten jobs with the longest average duration for that day

0 Karma
Reply
Solved! Jump to solution

zd00191
Communicator
‎07-07-2015 12:12 PM

I would like to have it where each day has ten stacked blocks. In other words, I want the ten jobs with the longest average duration over the last seven days

When I use the above, I get the ten jobs with the longest average duration over the last 7 days with each block being how long that job run took. Do you get what I am saying? Thanks by the way.

0 Karma
Reply
Solved! Jump to solution

zd00191
Communicator
‎07-07-2015 08:33 AM

There should be a total of seventy bars on the chart. 10 stacked based on duration per day

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...