Solved: How to create stacked bar chart for http/https?

jrich523 · ‎04-14-2010

is it possible to do a stacked bar chart where it splits it in two to show how much is https requests and how much is http requests?

gkanapathy · ‎04-14-2010

You must make sure you have an extraction on your data to differentiate the two, but you would simply do:

sourcetype=whatever | chart count by ssl_type

where ssl_type might be the field that contains, say, the inbound port number or a search-time extraction of the incoming URL request, assuming that is logged.

View solution in original post

BunnyHop · ‎04-15-2010

Try this search:

sourcetype=whatever | chart count(ssl_type) over protocol by ssl_type

gkanapathy · ‎04-14-2010

You must make sure you have an extraction on your data to differentiate the two, but you would simply do:

sourcetype=whatever | chart count by ssl_type

where ssl_type might be the field that contains, say, the inbound port number or a search-time extraction of the incoming URL request, assuming that is logged.

How to create stacked bar chart for http/https?

Simplifying the Analyst Experience with Finding-based Detections

[Puzzles] Solve, Learn, Repeat: Word Search

[Puzzles] Solve, Learn, Repeat: Advent of Code - Day 4

Join the Conversation

How to create stacked bar chart for http/https?

Simplifying the Analyst Experience with Finding-based Detections

[Puzzles] Solve, Learn, Repeat: Word Search

[Puzzles] Solve, Learn, Repeat: Advent of Code - Day 4