Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I create a chart with the range start and end date in the y-axis?

venkatsivab
New Member
‎11-30-2017 10:23 AM

Example data :

start_date end_date batch_name
2017-11-18 12:12:13 2017-11-18 15:12:13 job1
2017-11-18 10:12:13 2017-11-18 12:12:13 job2

I have to create a chart where the x-axis contains the timechart span=1d by batch_nm and y axis should display the range start_date and end_date data so that we can see when the job1 started and job1 ended.

0 Karma
Reply

woodcock
Esteemed Legend
‎12-01-2017 07:27 AM

Like this:

| makeresults 
| eval raw="2017-11-18 12:12:13 2017-11-18 15:12:13 job1::2017-11-18 10:12:13 2017-11-18 12:12:13 job2"
| makemv delim="::" raw
| mvexpand raw
| rename raw AS _raw
| rex "^(?<start_date>\S+\s+\S+)\s+(?<end_date>\S+\s+\S+)\s+(?<job_id>\S+)$"
| fields - _raw

| rename COMMENT AS "Everything above generates sample event data; everything below is your solution"

| eval start_date = strptime(start_date, "%Y-%m-%d %H:%M:%S")
| eval end_date = strptime(end_date, "%Y-%m-%d %H:%M:%S")
| eval _time = start_date
| fieldformat start_date=strftime(start_date, "%Y-%m-%d %H:%M:%S")
| fieldformat end_date=strftime(end_date, "%Y-%m-%d %H:%M:%S")
| eval duration = end_date - start_date
| rename COMMENT AS "to convert to minutes, add '| eval duration=duration/60'"
| rename COMMENT AS "to convert to hours, add '| eval duration=duration/(60*60)'"
| timechart avg(duration) AS duration BY job_id
0 Karma
Reply

DalJeanis
Legend
‎11-30-2017 02:14 PM

If you need that, here's one easy way:

1) Convert the start time to decimal hours after midnight.
2) Calculate the duration of the job in decimal hours.
3) Present the results as a stacked bar chart with the start time on the bottom and the duration on top.

0 Karma
Reply

shugup2923
Path Finder
‎07-13-2022 04:07 AM

How can we Present the results as a stacked bar chart with the start time on the bottom and the duration on top.
can you please help ?

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Seamless IT/OT Security: A Hands-On Look at the Cisco Cyber Vision Splunk Add-on

With just a few clicks, you can ingest critical OT asset details, vulnerabilities, baseline deviations, ...