Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to Sort JSON Data by field value?

nkavouris
Path Finder
‎01-24-2025 06:02 AM

I have a base query which yield the field result, result can be either "Pass" or "Fail"

Sample query result is attached

How can I create a column chart with the count of passes and fails as different color columns?

 

here is my current search which yields a column chart with two columns of the same color

index="sampleindex" source="samplesource" | 
search test_name="IR Test" | 
search serial_number="TC-7"|
spath result | 
stats count by result

 

Labels (3)
Labels
Preview file
47 KB
0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎01-25-2025 10:38 PM

Splunk uses different colors for different numeric fields.  Your stats command results in only one, count.  There are many ways to make a field named Pass and another named Fail.  As your output only contains a 2x2, the easiest is probably just transpose the output.

index="sampleindex" source="samplesource" test_name="IR Test" serial_number="TC-7"
| stats count by result
| transpose header_field=result

Additional tips:

  • Do not use screenshot to share text data.  Share raw text.
  • Do not cascade filters that can be performed in initial index search.
  • Format Splunk searches with pipe sign at beginning of line, not end.  You can enable "Search auto-format" in preferences to help you create readable searches.
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...