Splunk Search

How do you make a chart with repeating x axis values?

sriharsha14
New Member

Hi all,

I have 2 columns like that I want to plot:
x y
1579 1
1707 2
1707 3
1707 4
1707 5
1707 6
1707 7
1707 8
1707 9
1707 10

When I see the visualization with this search command:

source="splunk_test1.txt" host="Sriharshas-MacBook-Pro.local" sourcetype="temp" | table x, y | sort y

I get a plot like this:
alt text

But I am looking for a plot like this:
alt text

What should be my search command to get the required plot?

Thanks in advance!

0 Karma

sduff_splunk
Splunk Employee
Splunk Employee

source="splunk_test1.txt" host="Sriharshas-MacBook-Pro.local" sourcetype="temp" | table x, y | sort y | stats max(x) by y

Instead of max(x), you could also try sum(x), depending on what that data represents

0 Karma

sriharsha14
New Member

This command:

    source="splunk_test1.txt" sourcetype="temp" | table x, y | sort y | stats sum(x) as x1 by y | sort y

treats x1 as integer, but the plot is with x and y axis interchanged.

When I do this:

    source="splunk_test1.txt" sourcetype="temp" | table x, y | sort y | stats sum(x) as x1 by y | sort y | table x1, y

I get the same plot as the one in the question.

It looks like, with repeating x-axis values (to generate a vertical line), the plotting routine changes the data type of the x-axis values.

I also tried this command to avoid repeating x-axis values:

source="splunk_test1.txt" sourcetype="temp" | table x, y | sort y | eval x = x+y

Even with this, I get the similar plot as the one in question

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...