Splunk Search

How to create a scatter graph of chain stores on the y-axis with a dot over each city a store is located long the x-axis?

lyndac
Contributor

I have Splunk indexing a file that contains information about the geographical location of stores:

city, chain, numStores
Pasadena, Walmart, 0
Pasadena, Kmart, 1
Glen Burnie, Walmart, 1
Glen Burnie, Target, 1
Glen Burnie, Kmart, 1
Millersville, Target, 1

I want to be able to plot this data into a scatter chart where the X-axis is the city, the Y-axis is the chain, and the "dot" appears at the intersection where the city has a store (similar to below, but the X's are dots and they are lined up in the column):

Walmart|                       X
KMart  |      X                X
Target |                       X                  X
-----------------------------------------------------------------
           Pasadena       Glen Burnie        Millersville

Try as I might, I cannot even get the axes to display correctly. Is it possible to do what I am asking? I read in the "Data Requirments for Visualizations" document that I need to graph the events directly, so I tried this:
index=foo | fields - _* | fields city, chain (I get no results for this)
index=foo | fields city, chain (I don't see any plots, but the legend shows up with city and _time. The x axis is labeled city, but no values are displayed and the y-axis shows values 50 and 100 which are not even in the data.)

I wish I could paste the graph here, but my Splunk is on a closed instance so I have to retype everything here.

0 Karma
1 Solution

afishkin_splunk
Splunk Employee
Splunk Employee

scatter graph returns number for both Y-Axis and X-Axis
http://docs.splunk.com/Documentation/Splunk/6.3.0/Viz/Datastructurerequirementsforvisualizations and select Scatter charts link on the right panel

View solution in original post

0 Karma

afishkin_splunk
Splunk Employee
Splunk Employee

scatter graph returns number for both Y-Axis and X-Axis
http://docs.splunk.com/Documentation/Splunk/6.3.0/Viz/Datastructurerequirementsforvisualizations and select Scatter charts link on the right panel

0 Karma
Get Updates on the Splunk Community!

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...