Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Grouping values in ranges and creating multiple fr...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sushmitha_mj
Communicator
05-28-2015
07:46 AM
I want to group usage into ranges like
0-1,
1-10,
10-50 ,
50-100,
100 +
and display a bar chart with count against each of the band.
For example: 0-1 50 users, 1-10 100 users and so on...
Here is the query:
| pivot Accounting Accounting sum(Input) AS "Inp" SPLITROW _time AS _time PERIOD hour | eval tot_d=round(Inp/10,2) | stats sum(tot_d) as "Usage"
Thanks in Advance.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
05-28-2015
09:27 AM
You need the rangemap command:
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Rangemap
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
05-28-2015
09:27 AM
You need the rangemap command:
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Rangemap
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sushmitha_mj
Communicator
05-28-2015
09:36 AM
I tried that, but I have to give attribute name for rangemap. I do not want to classify frequency as high low or red and green. I just want to have a flexible frequency range and count against each frequency range. Could you please give me an example of how I can do this with rangemap.
Thanks.....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
05-28-2015
09:51 AM
Try this:
... | pivot Accounting Accounting sum(Input) AS "Inp" SPLITROW _time AS _time PERIOD hour | eval tot_d=round(Inp/10,2) | stats sum(tot_d) as "Usage" | rangemap field=Usage Zero=0- OneToTen=1-10 ElevenToTwenty=11-20 | stats count by range
You can also do this with the bucket command, which is more complicated and is more limited (because you have to set your ranges on a regular mathematical progression of ranges, not an arbitrary one like you appear to have).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sushmitha_mj
Communicator
05-28-2015
10:01 AM
@woodcock
Works!! Awesome.. Thanks..
Get Updates on the Splunk Community!
ATTENTION!! We’re MOVING (not really)
Hey, all! In an effort to keep this Slack workspace secure and also to make our new members' experience easy, ...
Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions
Whether you're running a complex Splunk deployment or just getting your bearings as a new admin, .conf25 ...
AppDynamics Summer Webinars
This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...
