Splunk Search

How to create a search with string column to generate a chart with 3 data points?

chambooca
Observer

I'm an intermediate Splunk user.  I have a query that has 3 fields i want to turn into a chart:
1. mySearchTerm (string)
2. geoID(10 values, each is a unique 5 digit number: 10010, 20020, etc...)
3. the count of searchTerms that appear per geoID

I am able to get a table going using:

 

 

<main query> | stats count(mySearchTerm) as myCount BY geoID, mySearchTerm
| table geoID myCount mySearchTerm

 

 

 

But when I go to build a visualization of any kind (bubble, scatter, etc) the layout looks wrong.
I'd like to create a visualization of count of mySearchTerm broken down by geoID

2 part question:

1. Does my query seem appropriate for my intended use?

2. Is there a specific chart type that is more suited for this information?

Labels (2)
Tags (2)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

You don't need the table command

Either line or column chart would probably work

0 Karma
Get Updates on the Splunk Community!

Welcome to the Future of Data Search & Exploration

You have more data coming at you than ever before. Over the next five years, the total amount of digital data ...

What’s new on Splunk Lantern in August

This month’s Splunk Lantern update gives you the low-down on all of the articles we’ve published over the past ...

This Week's Community Digest - Splunk Community Happenings [8.3.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...