Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Grouping values in ranges and creating multipl...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sushmitha_mj
Communicator
05-28-2015
07:46 AM
I want to group usage into ranges like
0-1,
1-10,
10-50 ,
50-100,
100 +
and display a bar chart with count against each of the band.
For example: 0-1 50 users, 1-10 100 users and so on...
Here is the query:
| pivot Accounting Accounting sum(Input) AS "Inp" SPLITROW _time AS _time PERIOD hour | eval tot_d=round(Inp/10,2) | stats sum(tot_d) as "Usage"
Thanks in Advance.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
05-28-2015
09:27 AM
You need the rangemap command:
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Rangemap
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
05-28-2015
09:27 AM
You need the rangemap command:
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Rangemap
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sushmitha_mj
Communicator
05-28-2015
09:36 AM
I tried that, but I have to give attribute name for rangemap. I do not want to classify frequency as high low or red and green. I just want to have a flexible frequency range and count against each frequency range. Could you please give me an example of how I can do this with rangemap.
Thanks.....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
05-28-2015
09:51 AM
Try this:
... | pivot Accounting Accounting sum(Input) AS "Inp" SPLITROW _time AS _time PERIOD hour | eval tot_d=round(Inp/10,2) | stats sum(tot_d) as "Usage" | rangemap field=Usage Zero=0- OneToTen=1-10 ElevenToTwenty=11-20 | stats count by range
You can also do this with the bucket command, which is more complicated and is more limited (because you have to set your ranges on a regular mathematical progression of ranges, not an arbitrary one like you appear to have).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sushmitha_mj
Communicator
05-28-2015
10:01 AM
@woodcock
Works!! Awesome.. Thanks..
Get Updates on the Splunk Community!
Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust
Heading to your first .Conf? You’re in for an unforgettable ride — learning, networking, swag collecting, ...
Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination
Calling all Splunk developers, custom SPL builders, dashboarders, and Splunkbase app creators – the Builder ...
Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar
Are you ready to take your threat hunting skills to the next level? As Splunk community members, you know the ...
