Splunk Search

How do you specify x-axis intervals on ChartView (type column)?

danillopavan
Communicator

Hi all,

I am using the object ChartView (type column) however I am not able to set the intervals (units) in axis X for 1 hour.

I am executing the query (timechart span=1h sum("XXXXXX") by "YYYYYY") however the data are being displayed with 4 hours of difference between each unit in AXIS X (Unit tick like 4 AM , 8 AM, 12 PM, 4 PM....).

In the JavaScript I have the below code:

Columnchart = new ChartView({
id: "chart1",
managerid: SearchManager.name,
type: "column",
"charting.axisTitleX.text": "Last hours",
"charting.chart.showDataLabels": "all",
"charting.legend.placement": "none",
"charting.scaleX": 1,
"charting.axisLabelsX.majorLabelVisibility": "show",
"charting.axisLabelsX.majorTickVisibility": "show",
"charting.axisLabelsX.minorTickVisibility": "show",
"charting.axisX.includeZero": true,
"charting.axisY.includeZero": true,
"charting.axisLabelsX.majorUnit": "0H30M0S" ,
"charting.chart.columnSpacing" : 2,
el: $('#modalVizualization')
}).render();

I believe that the property "majorUnit" is responsible for this configuration, riight? But it is not reflecting on the graph.

Thanks and regards,
Danillo Pavan

0 Karma
1 Solution

Sukisen1981
Champion

|eval newt=strftime(_time,"%Y-%m-%d %H")

|chart sum(XXXXXX) over newt by YYYYYY

narrow down your search time range to first verify output

View solution in original post

0 Karma

danillopavan
Communicator

Hello Sukisen, to keep the command "span=1h", i needed to change it to:

bin _time span=1h | eval newt=strftime(_time,"%H:%M")| chart sum(XXXX) over newt by YYYY| rename NULL as YYYYY

Many Many thanks for your support!!!

0 Karma

Sukisen1981
Champion

hi firstly many apologies, I was stuck in some major issues @ work (why does it always happen over weekends :)?) and I did not get time to review your previous comments. I forgot that you were in the first place asking for a split on a per hour basis. The bin options is correct and I could have told you this earlier , had I not been stupid enough to miss it in the first place. Glad to see you figured it out yourself....happy splunking 🙂 🙂

0 Karma

danillopavan
Communicator

No problem, Sukisen. Thanks for your Support.

Taking the opportunity...could you please help me with other case? 🙂

My lookup command is not working just via JavaScript..if you execute it in Search Splunk...it is working fine...the question was uploaded in the below URL:

https://answers.splunk.com/answers/583217/why-cant-i-see-results-from-javascript-searchmanag.html

0 Karma

Sukisen1981
Champion

|eval newt=strftime(_time,"%Y-%m-%d %H")

|chart sum(XXXXXX) over newt by YYYYYY

narrow down your search time range to first verify output

View solution in original post

0 Karma

danillopavan
Communicator

Hello Sukisen, many thanks for your asnwer. It is working now!!! The Axis X had changed, however I would like to use the SPAN=1h in the query. It is briging all events and I want to show hour by hour. Is it possible to use the SPAN option for CHART command?

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.