Solved: How can I make a stacked Column chart?

Edwin1471 · ‎08-04-2022

Hi,

how can I make a stacked column chart . Currently the Purple area displays how long it took for all processes combined to execute. How could I modify my spl query so that it would display how long each individual process took to complete in a column chart. (A1, A2, A3 - process names)

| rex field=PROCESS_NAME ":(?<Process>[^\"]+)"
| eval finish_time_epoch = strftime(strptime(FINISH_TIME, "%Y-%m-%d %H:%M:%S"),"%Y-%m-%d %H:%M:%S")
| eval start_time_epoch = strftime(strptime(START_TIME, "%Y-%m-%d %H:%M:%S"),"%Y-%m-%d %H:%M:%S")
| eval duration_s = strptime(FINISH_TIME, "%Y-%m-%d %H:%M:%S") - strptime(START_TIME, "%Y-%m-%d %H:%M:%S")
| eval duration_min = round(duration_s / 60, 2)
| chart sum(duration_min) as "time" by G_DT

ITWhisperer · ‎08-04-2022

| chart sum(duration_min) as "time" by G_DT Process

View solution in original post

dglauche · ‎08-04-2022

Hi,

not sure whats the content of your G_DT field but in general you can create a stacked chart like this:

| makeresults count=100 
| streamstats count as pid 
| eval _time=_time-(pid*3600), duration=random()%300
| timechart span=1d useother=f sum(duration) by pid

ITWhisperer · ‎08-04-2022

| chart sum(duration_min) as "time" by G_DT Process

How can I make a stacked Column chart?

chart

stats

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!