Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Create bar graph with ranges specified in the x axis

anooshac
Communicator
‎01-20-2022 02:21 AM

I have created a bar graph. The following is the query.

index= "cx_metrics_analysis" sourcetype="cx_metrics_httpevent"
| eval duration=floor((TASK_DURATION)/3600000)| bin duration span=2s|chart distinct_count(TASK_NUM) as "Tasks" by duration
| bin duration span=2

Since the bar graph is having a lot of values in x axis i'm trying to limit the values. I'm trying to group the values into 3. One which has duration less than 15, second one having duration between 15 to 25 and last one having duration greater than 25.

| eval red = if(duration>25,duration,0)
| eval yellow = if(duration<=25 AND duration>15,duration,0)
| eval green = if(duration<=15, duration, 0)

Is this the correct method to do this? Anyone knows how to solve this?

Labels (1)
Labels
Tags (3)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎01-20-2022 02:34 AM

You could try something like this

index= "cx_metrics_analysis" sourcetype="cx_metrics_httpevent"
| eval duration=floor((TASK_DURATION)/3600000)
| eval duration=case(duration<=15,"green",duration<=25,"yellow",1==1,"red")
|chart distinct_count(TASK_NUM) as "Tasks" by duration
0 Karma
Reply

anooshac
Communicator
‎01-20-2022 03:46 AM

how can i change the name on axis to duration<15, 15<duration>=25 and duration>25 ? I can use the respective color in the graph right?

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎01-20-2022 04:22 AM 
| eval duration=case(duration<=15,"duration<=15",duration<=25,"15<duration<=25",1==1,"duration>25")

Use the charting options to set the colours for the (first 3) series.

0 Karma
Reply

anooshac
Communicator
‎01-20-2022 05:27 AM

Thank you so much..

Duration<15 is coming second how can i change this so that it will be in ascending order?

I have one more doubt.. i am trying to create a drill down table from this bar graph.. the table has the details of the tasks. Don't know what to pass as token. The bar graph has duration and count. How can i create a drill down for this bar graph?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top