Solved: Display data on single bar line in chart

rvisj · ‎05-25-2017

I have some records in csv, each record has a column 'payment method'. I have to count by 'payment method' and the result should how in single line in chart
Each color in chart represents a payment method

adonio · ‎05-26-2017

hello @rvisj
here i user an Instrumental Variable (... | eval var=1 )to use the chart command for the visualization you requested
in screenshot 1 you will see the lookup i created.
screenshot 2 has the search i used and bar chart
heres the search: | inputlookup payments.csv | eval var=1 | chart count(record) over var by payment_method
hope it helps

View solution in original post

woodcock · ‎05-26-2017

Like this:

Your Base Search Here | eval label="Payment Methods" | contingency label "payment method" | search label!="TOTAL"

Set the visualization to Bar Chart and set the Stack Mode to the one on the right (stacked).

rvisj · ‎05-28-2017

thanks for your reply. I tried this but 'Total' is coming as a payment method and adding up in the chart

woodcock · ‎05-29-2017

Also add | fields - Total TOTAL to the end.

adonio · ‎05-26-2017

hello @rvisj
here i user an Instrumental Variable (... | eval var=1 )to use the chart command for the visualization you requested
in screenshot 1 you will see the lookup i created.
screenshot 2 has the search i used and bar chart
heres the search: | inputlookup payments.csv | eval var=1 | chart count(record) over var by payment_method
hope it helps

rvisj · ‎05-28-2017

Working..thanks @adonio. Can we remover that 'var 1' label from Y-axis

Display data on single bar line in chart

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms