Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create a line chart visualization?

bhaskar5428
Explorer
‎03-30-2022 12:54 AM 
index=* namespace="dk1017-j" sourcetype="kube:container:kafka-clickhouse-snapshot-writer" message="*Snapshot event published*" AND message="*dbI-WAR*" AND message="*2022-03-29*" AND message="*"
|fields message
|rex field=_raw "\s+date=(?<BusDate>\d{4}-\d{2}-\d{2})"
|rex field=_raw "sourceSystem=(?<Source>[^,]*)"
|rex field=_raw "entityType=(?<Entity>\w+)"
|rex field=_raw "\"timestamp\":\"(?<Time>\d{4}-\d{2}-\d{2}[T]\d{2}:\d{2})"
|sort Time desc
|dedup Time
|table Source, BusDate, Entity, Time

 

 

output of above command is below -------------------

Source BusDate Entity Time

dbI-WAR 2022-03-29 BOOKING 2022-03-30T02:05
dbI-WAR 2022-03-29 DATA_QUALITY_REPORTS 2022-03-30T02:04
dbI-WAR 2022-03-29 DATA_QUALITY_ENTITIES 2022-03-30T02:03
dbI-WAR 2022-03-29 COMBINED_POSITION_NORMALIZED 2022-03-30T01:40
dbI-WAR 2022-03-29 COMBINED_POSITION 2022-03-30T01:36
dbI-WAR 2022-03-29 DATA_QUALITY_ENTITIES 2022-03-30T01:35
dbI-WAR 2022-03-29 DEPOSIT 2022-03-30T01:34
dbI-WAR 2022-03-29 DATA_QUALITY_REPORTS 2022-03-30T01:33
dbI-WAR 2022-03-29 DATA_QUALITY_ENTITIES 2022-03-30T00:43
dbI-WAR 2022-03-29 NEXT_BUSINESS_DAYS 2022-03-29T23:49

 

 

question - i would like to line chart 
x axis should be date as date is same for all 

y axis should be time 

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-30-2022 01:20 AM

This doesn't sound like a very interesting chart. If all the dates are the same there will be a single point for each series, which by the way you haven't specified what this will be. Please can you clarify what it is you are trying to do here?

0 Karma
Reply

bhaskar5428
Explorer
‎03-30-2022 01:40 AM

i just wanted to explore chart command or option 

could you please share some useful command how we convert some data into chart

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-30-2022 02:15 AM

It usually works the other way around - you need to decide what it is you are trying to show with a chart, then you look to see if there is an appropriate chart type available, then you work out what the search should be to show you the information you want from your data.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...