Splunk Search

Creating multiple chart with labels

dimitryz
Path Finder

Hello,

I've build following simple search from our client test data :
sourcetype=json_new | search browser_version browser_data | chart count by browser_version,browser_data

In this case browser_data is browser name like "IE" or "Firefox"

I can also get specific information per browser :
sourcetype=json_new | search browser_version browser_data="IE" | chart count by browser_version

Or get list of all browsers ;

sourcetype=json_new | spath browser_data | dedup browser_data | table browser_data

I would like to know how to build a single chart that contains all :
Per each browser all statistics regarding versions (browser_version) .

Thanks in advance ,
Dmitry

Tags (2)
0 Karma
1 Solution

aweitzman
Motivator

I think you just want something similar to your first search, then, but with the output groups reversed:

sourcetype=json_new browser_version browser_data | chart count by browser_data, browser_version

View solution in original post

0 Karma

aweitzman
Motivator

I think you just want something similar to your first search, then, but with the output groups reversed:

sourcetype=json_new browser_version browser_data | chart count by browser_data, browser_version

0 Karma

dimitryz
Path Finder

Stats is works too,but I'm interested to see count (statistics) for each browser in one search grouped by browser.
See "picture"

||| || ||| |||||
IE Firefox Opera

Each group of || is count of versions for each browser.
I hope that I was able to explain myself.

0 Karma

aweitzman
Motivator

Are you looking for something more like stats rather than chart?

sourcetype=json_new browser_version browser_data | stats count by browser_data,browser_version

What are "all statistics" that you are looking for, besides count?

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...