Splunk Search

How to create a horizontal bar chart with a bar indicating start time, end time, and duration?

HMTODD
Explorer

I have data for a batch job that runs each day. I have StartTime, EndTime, and a calculated value for duration. The job runs once per day. For each day, I want to show a bar that begins at StartTime and ends at EndTime. Is there a time chart that will do this?

0 Karma

rjthibod
Champion

There is no native support for this in Splunk, but other people have developed workarounds using the D3 library and JavaScript Extensions. The original work was done in this app (https://splunkbase.splunk.com/app/1741), and then extended in a more complete set of D3 charts in this app (https://splunkbase.splunk.com/app/2717/).

For my own sake, I integrated that work into my app and also updated all of the D3 library code to more recent versions in GitHub. My app is Splunk certified for 6.2 - 6.5, and it works across Firefox, Chrome, IE, etc. I even updated the Gantt chart JS code to make it work with IE due to some Chrome-specific calls they made in the original code. The link to my app is here: https://splunkbase.splunk.com/app/3171

If you download my app, look at the dashboard "report-activity-gantt.xml" or "dd-client-ux-gantt.xml". The latter even uses the drilldown capability from the Gantt chart to select a specific time-period.

Note, you can achieve the bars you are looking for in a number of ways. In my app, I use the start time and end time explicitly, and the Gantt JavaScript code calculates the duration on its own. You can specify the start time and duration and let the Gantt JavaScript code figure out the end time.

0 Karma

rjthibod
Champion

I don't think you can do what you are asking for with the built-in bar chart. Instead, you should probably look at using the Gantt chart visualization.

0 Karma

HMTODD
Explorer

Thanks. Unfortunately I think you are correct and Splunk does not provide any Gantt style visualizations. The closest I have found is this third party, not Splunk supported, application: https://splunkbase.splunk.com/app/1741/#/overviewb

0 Karma

rjthibod
Champion

It is not officially Splunk supported but it works well.

I use it in my Splunk certified app that works on 6.2 to 6.5, across all major browsers including IE. Here is a link: https://splunkbase.splunk.com/app/3171. Feel free to copy my code.

0 Karma