Splunk Search

Expanded stacked column chart

tmortiboy
New Member

Is it possible to create a column chart that is stacked, but where each part of the stack still occupies its own column?

As Image below:

alt text

0 Karma
1 Solution

HiroshiSatoh
Champion

This is an idea.

Change the color of the bar
subtotal->White

<Search>

...|stats count by method|eval subtotal=count| accum subtotal|eval subtotal=subtotal-count|sort - method

<XML>

<option name="charting.legend.labels">[count,subtotal]</option>
<option name="charting.seriesColors">[0xFF0000,0xFFFFFF]</option>

alt text

View solution in original post

0 Karma

niketn
Legend

@tmortiboy, I have created Waterfall visualization using D3 and Splunk's Custom Visualization API. Please check it out whether it fits the need: https://splunkbase.splunk.com/app/3669/

PS: I currently have not implemented the following:
1) Tooltip (currently static label can be displayed)
2) Drilldown
3) Dynamic size (it is manual based on chart height/width right now)
4) Negative axis (can be implemented only after dynamic size is in place)

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

cmerriman
Super Champion

if you're comfortable creating a custom viz, you might be able to use this as a starter:
https://www.highcharts.com/demo/waterfall/grid-light

also this app has a waterfall viz, but the last supported version is 6.4
https://splunkbase.splunk.com/app/2856/

0 Karma

HiroshiSatoh
Champion

This is an idea.

Change the color of the bar
subtotal->White

<Search>

...|stats count by method|eval subtotal=count| accum subtotal|eval subtotal=subtotal-count|sort - method

<XML>

<option name="charting.legend.labels">[count,subtotal]</option>
<option name="charting.seriesColors">[0xFF0000,0xFFFFFF]</option>

alt text

0 Karma

tmortiboy
New Member

I had thought of this, but the subtotals can still be hovered over, which is less than ideal.
Unless you know how you can disable the hover for this value?

0 Karma

tmortiboy
New Member

I ended up using this method, but it still feels a little hacky.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...