Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to build a chart on unique field

wish2hate
New Member
‎10-09-2019 08:29 AM

I am trying to achieve building multiple area graph on one chart where my input is:

foo=blue
foo=purple
foo=red
foo=red
foo=red
foo=purple

And when I do splunk search, I would expect my search to be: 

{get all logs} | top limit=0 "foo" | fields "foo" count

Where I would produce the following results:

red:       3
purple:  2
blue:      1

Now what I am seeking to get this type of count by time with all 3 different fields in ONE area graph.
Can someone please show me how to do this?

0 Karma
Reply

kiamco
Path Finder
‎10-09-2019 10:52 AM

you might want to just use a
|timechart

like

...base search
|timechart count(foo) by foo
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...