Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Create bar graph with ranges specified in the x axis

anooshac
Communicator
‎01-20-2022 02:21 AM

I have created a bar graph. The following is the query.

index= "cx_metrics_analysis" sourcetype="cx_metrics_httpevent"
| eval duration=floor((TASK_DURATION)/3600000)| bin duration span=2s|chart distinct_count(TASK_NUM) as "Tasks" by duration
| bin duration span=2

Since the bar graph is having a lot of values in x axis i'm trying to limit the values. I'm trying to group the values into 3. One which has duration less than 15, second one having duration between 15 to 25 and last one having duration greater than 25.

| eval red = if(duration>25,duration,0)
| eval yellow = if(duration<=25 AND duration>15,duration,0)
| eval green = if(duration<=15, duration, 0)

Is this the correct method to do this? Anyone knows how to solve this?

Labels (1)
Labels
Tags (3)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎01-20-2022 02:34 AM

You could try something like this

index= "cx_metrics_analysis" sourcetype="cx_metrics_httpevent"
| eval duration=floor((TASK_DURATION)/3600000)
| eval duration=case(duration<=15,"green",duration<=25,"yellow",1==1,"red")
|chart distinct_count(TASK_NUM) as "Tasks" by duration
0 Karma
Reply

anooshac
Communicator
‎01-20-2022 03:46 AM

how can i change the name on axis to duration<15, 15<duration>=25 and duration>25 ? I can use the respective color in the graph right?

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎01-20-2022 04:22 AM 
| eval duration=case(duration<=15,"duration<=15",duration<=25,"15<duration<=25",1==1,"duration>25")

Use the charting options to set the colours for the (first 3) series.

0 Karma
Reply

anooshac
Communicator
‎01-20-2022 05:27 AM

Thank you so much..

Duration<15 is coming second how can i change this so that it will be in ascending order?

I have one more doubt.. i am trying to create a drill down table from this bar graph.. the table has the details of the tasks. Don't know what to pass as token. The bar graph has duration and count. How can i create a drill down for this bar graph?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...