Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I create a stacked bar chart?

lakromani
Builder
‎07-30-2015 12:59 AM

I have 3 servers: host=host1, host2, and host3
From these servers I get s_status=ok, nok

I would like to get a graph where I get number of ok from all three servers in one column with servers listed with different colors in the same column.

Eks (Selecting Column as display format)

s_status=ok | timechart count by s_status

This gives me each a column with the sum of all three servers (correct number, but missing the color of each server)

Then I try 

s_status=ok | timechart count by host

This gives me the three servers side by side with different colors.

I want them stacked with each server in the same column, but different colors and size depending on the number of ok

Maybe I need to use chart instead of timechart, but I do not know how to put it together.

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

pwmcity
Path Finder
‎07-30-2015 01:27 AM

When you're on the visualizations tag (you can see the graph), look for the formatting options, there's an option to stack there.
I'd say you're better to go with your first option though, that way you can have your 'ok's stacked as blue, and your 'nok's stacked as red.... which is more alarming to see than a gap in blue

View solution in original post

Reply
Solved! Jump to solution

hgrow
Communicator
‎07-30-2015 01:35 AM

Hi lakromani,

there is a dropdown menu with some format options for your visualization.

If you click Format -> Genereal -> Stack Mode: stacked its might be what you are looking for.

Greetings

Reply
Solved! Jump to solution

lakromani
Builder
‎07-30-2015 01:37 AM

You are correct, just as pwmcity implied to. Thanks.

0 Karma
Reply
Solved! Jump to solution

tom_frotscher
Builder
‎07-30-2015 01:30 AM

Hi,

to get them stacked: Stacked is a format option of the column chart:

alt text

Is your search s_status=ok | timechart count by host in addition to the stacked option what you wanted? Or do you need something else?

Greetings Tom

Preview file
1 KB
Reply
Solved! Jump to solution

lakromani
Builder
‎07-30-2015 01:39 AM

Thanks, just as pwmcity answered, but yours are more visual 🙂

0 Karma
Reply
Solved! Jump to solution
Solution

pwmcity
Path Finder
‎07-30-2015 01:27 AM

When you're on the visualizations tag (you can see the graph), look for the formatting options, there's an option to stack there.
I'd say you're better to go with your first option though, that way you can have your 'ok's stacked as blue, and your 'nok's stacked as red.... which is more alarming to see than a gap in blue

Reply
Solved! Jump to solution

lakromani
Builder
‎07-30-2015 01:31 AM

Thanks, so simple. I have overclocked the stack mode in Format tab ....

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...