Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I create a stacked bar chart?

lakromani
Builder
‎07-30-2015 12:59 AM

I have 3 servers: host=host1, host2, and host3
From these servers I get s_status=ok, nok

I would like to get a graph where I get number of ok from all three servers in one column with servers listed with different colors in the same column.

Eks (Selecting Column as display format)

s_status=ok | timechart count by s_status

This gives me each a column with the sum of all three servers (correct number, but missing the color of each server)

Then I try 

s_status=ok | timechart count by host

This gives me the three servers side by side with different colors.

I want them stacked with each server in the same column, but different colors and size depending on the number of ok

Maybe I need to use chart instead of timechart, but I do not know how to put it together.

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

pwmcity
Path Finder
‎07-30-2015 01:27 AM

When you're on the visualizations tag (you can see the graph), look for the formatting options, there's an option to stack there.
I'd say you're better to go with your first option though, that way you can have your 'ok's stacked as blue, and your 'nok's stacked as red.... which is more alarming to see than a gap in blue

View solution in original post

Reply
Solved! Jump to solution

hgrow
Communicator
‎07-30-2015 01:35 AM

Hi lakromani,

there is a dropdown menu with some format options for your visualization.

If you click Format -> Genereal -> Stack Mode: stacked its might be what you are looking for.

Greetings

Reply
Solved! Jump to solution

lakromani
Builder
‎07-30-2015 01:37 AM

You are correct, just as pwmcity implied to. Thanks.

0 Karma
Reply
Solved! Jump to solution

tom_frotscher
Builder
‎07-30-2015 01:30 AM

Hi,

to get them stacked: Stacked is a format option of the column chart:

alt text

Is your search s_status=ok | timechart count by host in addition to the stacked option what you wanted? Or do you need something else?

Greetings Tom

stacked.png
Preview file
46 KB
Reply
Solved! Jump to solution

lakromani
Builder
‎07-30-2015 01:39 AM

Thanks, just as pwmcity answered, but yours are more visual 🙂

0 Karma
Reply
Solved! Jump to solution
Solution

pwmcity
Path Finder
‎07-30-2015 01:27 AM

When you're on the visualizations tag (you can see the graph), look for the formatting options, there's an option to stack there.
I'd say you're better to go with your first option though, that way you can have your 'ok's stacked as blue, and your 'nok's stacked as red.... which is more alarming to see than a gap in blue

Reply
Solved! Jump to solution

lakromani
Builder
‎07-30-2015 01:31 AM

Thanks, so simple. I have overclocked the stack mode in Format tab ....

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top