Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a line chart visualization?

bhaskar5428
Explorer
‎03-30-2022 12:54 AM 
index=* namespace="dk1017-j" sourcetype="kube:container:kafka-clickhouse-snapshot-writer" message="*Snapshot event published*" AND message="*dbI-WAR*" AND message="*2022-03-29*" AND message="*"
|fields message
|rex field=_raw "\s+date=(?<BusDate>\d{4}-\d{2}-\d{2})"
|rex field=_raw "sourceSystem=(?<Source>[^,]*)"
|rex field=_raw "entityType=(?<Entity>\w+)"
|rex field=_raw "\"timestamp\":\"(?<Time>\d{4}-\d{2}-\d{2}[T]\d{2}:\d{2})"
|sort Time desc
|dedup Time
|table Source, BusDate, Entity, Time

 

 

output of above command is below -------------------

Source BusDate Entity Time

dbI-WAR 2022-03-29 BOOKING 2022-03-30T02:05
dbI-WAR 2022-03-29 DATA_QUALITY_REPORTS 2022-03-30T02:04
dbI-WAR 2022-03-29 DATA_QUALITY_ENTITIES 2022-03-30T02:03
dbI-WAR 2022-03-29 COMBINED_POSITION_NORMALIZED 2022-03-30T01:40
dbI-WAR 2022-03-29 COMBINED_POSITION 2022-03-30T01:36
dbI-WAR 2022-03-29 DATA_QUALITY_ENTITIES 2022-03-30T01:35
dbI-WAR 2022-03-29 DEPOSIT 2022-03-30T01:34
dbI-WAR 2022-03-29 DATA_QUALITY_REPORTS 2022-03-30T01:33
dbI-WAR 2022-03-29 DATA_QUALITY_ENTITIES 2022-03-30T00:43
dbI-WAR 2022-03-29 NEXT_BUSINESS_DAYS 2022-03-29T23:49

 

 

question - i would like to line chart 
x axis should be date as date is same for all 

y axis should be time 

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-30-2022 01:20 AM

This doesn't sound like a very interesting chart. If all the dates are the same there will be a single point for each series, which by the way you haven't specified what this will be. Please can you clarify what it is you are trying to do here?

0 Karma
Reply

bhaskar5428
Explorer
‎03-30-2022 01:40 AM

i just wanted to explore chart command or option 

could you please share some useful command how we convert some data into chart

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-30-2022 02:15 AM

It usually works the other way around - you need to decide what it is you are trying to show with a chart, then you look to see if there is an appropriate chart type available, then you work out what the search should be to show you the information you want from your data.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...