Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to chart the count of requests to a website with the website's shannon value (ut_shannon)?

phudinhha
Explorer
‎08-31-2016 02:52 PM

Dear Team,

I am trying to build a chart like this:
- x-axis is the website name
- y-axis is the number of request to that website
- on top of the bar for Website, I want to display the ut_shannon value of that website.

Is there anyway that we can do it?

0 Karma
Reply

ashutoshsharma1
Path Finder
‎08-31-2016 11:59 PM 
SearchTerm (anything like sourcetype="access*" ) | chart count as "Number of Request to Website" over websitename

1) save this report to a dashboard.
2) Add panel new >Event > type same search and extract that field (ut_shannon )
3) Save this panel on top of your dashboard.

please upvote and mark my answer correct if this works for you thanks 🙂
don't hesitate to ask me for any further doubt

0 Karma
Reply

maclel
Engager
‎08-31-2016 11:35 PM

Hi,

Similar to this question it appears:
https://answers.splunk.com/answers/111704/values-on-the-bar-chart.html

Which is using this as the search:

....<your search using chart/stats like count by somefield> | eval somefield=somefield."-".count

but instead yours will be something along the lines of:

 * | chart ... by somefield | eval <whatever>=somefield." - ".ut_shannon

Then in 6.3 and later you should be able to show the values on the actual chart by:

Format > General > Show Data Values > On

0 Karma
Reply

phudinhha
Explorer
‎09-01-2016 06:58 AM

Yes, i will try both solutions now to see which one is working. Thank you everyone.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...