Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I create a bar chart through 4 fields?

AtillaMaia
New Member
‎06-16-2015 10:44 AM

alt text

I'm using db Connect and I have this db input. So, I want a chart with 24 bars that represent range of hours. HourStart and HourEnd are that range and I get them in my query. For each interval (HourStart - HourEnd) I have Num which I also get it in my result. CurrentNum is used just for the current interval. For instance, now the current interval is 10AM - 11AM, so only for this interval CurrentNum will be used; the remains will be represented by 'Num' .

Tags (3)
Preview file
66 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎06-16-2015 12:48 PM

OK, try this (HourEnd is implied by HourStart so it does not factor in):

... | chart avg(Num) AS Num avg(CurrentNum) AS CurrentNum over HourStart

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎06-16-2015 12:48 PM

OK, try this (HourEnd is implied by HourStart so it does not factor in):

... | chart avg(Num) AS Num avg(CurrentNum) AS CurrentNum over HourStart
0 Karma
Reply
Solved! Jump to solution

AtillaMaia
New Member
‎06-17-2015 08:14 AM

For each, HourStart there is the specified value of Num

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎06-17-2015 08:25 AM

Right; that's what is charted. If that is not what you desire, you need to restate your desire MUCH more clearly. I have been making educated guesses because you still have never been clear about what you are trying to do.

0 Karma
Reply
Solved! Jump to solution

AtillaMaia
New Member
‎06-17-2015 08:40 AM

I really appreciate your suggestions! I'll try to explain again what I desire. Thanks

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎06-16-2015 11:52 AM

Like this?

... | timechart first(HourStart) , first(HourEnd), first(Num), first(CurrentNum)

To make the visualization a bar chart, modify with the upper-left control and change it to "bar" or "column".

This is probably a poor guess at an answer but you have neither shown us your data, nor your search as it is so-far.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...