I want to group usage into ranges like
0-1,
1-10,
10-50 ,
50-100,
100 +
and display a bar chart with count against each of the band.
For example: 0-1 50 users, 1-10 100 users and so on...
Here is the query:
| pivot Accounting Accounting sum(Input) AS "Inp" SPLITROW _time AS _time PERIOD hour | eval tot_d=round(Inp/10,2) | stats sum(tot_d) as "Usage"
Thanks in Advance.
You need the rangemap
command:
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Rangemap
You need the rangemap
command:
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Rangemap
I tried that, but I have to give attribute name for rangemap. I do not want to classify frequency as high low or red and green. I just want to have a flexible frequency range and count against each frequency range. Could you please give me an example of how I can do this with rangemap.
Thanks.....
Try this:
... | pivot Accounting Accounting sum(Input) AS "Inp" SPLITROW _time AS _time PERIOD hour | eval tot_d=round(Inp/10,2) | stats sum(tot_d) as "Usage" | rangemap field=Usage Zero=0- OneToTen=1-10 ElevenToTwenty=11-20 | stats count by range
You can also do this with the bucket
command, which is more complicated and is more limited (because you have to set your ranges on a regular mathematical progression of ranges, not an arbitrary one like you appear to have).
@woodcock
Works!! Awesome.. Thanks..