Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I create a bar chart through 4 fields?

AtillaMaia
New Member
‎06-16-2015 10:44 AM

alt text

I'm using db Connect and I have this db input. So, I want a chart with 24 bars that represent range of hours. HourStart and HourEnd are that range and I get them in my query. For each interval (HourStart - HourEnd) I have Num which I also get it in my result. CurrentNum is used just for the current interval. For instance, now the current interval is 10AM - 11AM, so only for this interval CurrentNum will be used; the remains will be represented by 'Num' .

Tags (3)
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎06-16-2015 12:48 PM

OK, try this (HourEnd is implied by HourStart so it does not factor in):

... | chart avg(Num) AS Num avg(CurrentNum) AS CurrentNum over HourStart

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎06-16-2015 12:48 PM

OK, try this (HourEnd is implied by HourStart so it does not factor in):

... | chart avg(Num) AS Num avg(CurrentNum) AS CurrentNum over HourStart
0 Karma
Reply
Solved! Jump to solution

AtillaMaia
New Member
‎06-17-2015 08:14 AM

For each, HourStart there is the specified value of Num

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎06-17-2015 08:25 AM

Right; that's what is charted. If that is not what you desire, you need to restate your desire MUCH more clearly. I have been making educated guesses because you still have never been clear about what you are trying to do.

0 Karma
Reply
Solved! Jump to solution

AtillaMaia
New Member
‎06-17-2015 08:40 AM

I really appreciate your suggestions! I'll try to explain again what I desire. Thanks

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎06-16-2015 11:52 AM

Like this?

... | timechart first(HourStart) , first(HourEnd), first(Num), first(CurrentNum)

To make the visualization a bar chart, modify with the upper-left control and change it to "bar" or "column".

This is probably a poor guess at an answer but you have neither shown us your data, nor your search as it is so-far.

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...