Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I display my data in a bubble chart?

dannestor
Explorer
‎11-16-2015 07:48 AM

I am running the following search:

"authentication failed" | stats count by user, sourceip | sort -count | head 10

Which produces a table with three columns: user, sourceip and count, like so (scrubbed data):

alt text

I would like to display this in a bubble visualization, where the X and Y axes map to my users and sourceips, and the size of the bubble maps to the count. Is there any way to do this?

capture.png
Preview file
22 KB
0 Karma
Reply

mporath_splunk
Splunk Employee
Splunk Employee
‎11-16-2015 10:19 AM

Bubble charts expect three dimensions.

  • The first one can be anything categorical. Something you can count. Think of it as "I want a bubble for each ...". In your example it's most likely your user
  • The second and third dimension need to be numerical so that they can be placed on the X and Y axes. clientip won't work for this.

Your it should work if you drop clientip and add two numerical dimensions to stats count. Try stats count by user, date_minute, date_second. Of course that chart is largely nonsensical, since these time dimensions likely don't carry much information.

Reply

dannestor
Explorer
‎11-16-2015 11:35 AM

I found some references about setting the X and Y axes to be categorical/discrete, instead of numeric/continuous (example: https://answers.splunk.com/answering/52635/view.html). Did I misunderstand the information there?

0 Karma
Reply

buraka
New Member
‎04-09-2018 02:59 AM

Hi dannestor, i am facing the same issue,were you able to solve the same ?

0 Karma
Reply

dannestor
Explorer
‎04-09-2018 03:22 AM

Hey, nope, sorry, I never followed-up on this.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top