How to display all values in the y axis and not sh...

varsh_6_8_6 · ‎10-28-2024

Hi
I am kinda stuck and need help. I am creating a chart in the splunk dashboard and for the y axis I have nearly 20 values which are to be shown as legends. After a certain number of values they are grouped as "other" which dont want and need to display as separate ones. Also I am also ready to turn off the legend.

The query used is

index = "xyz"
|rex field=group "<Instance>(?<instance>[^<]+)</Instance>"
|rex field=group "<SESSIONS>(?<sessions>\d+)</SESSIONS>"
| chart values(sessions) BY _time, instance

May I know which option in the chart will not collapse the values of the y axis?

prateek · ‎10-28-2024

This is very helpful

richgalloway · ‎10-28-2024

Try the limit option to the chart command.

index = "xyz"
|rex field=group "<Instance>(?<instance>[^<]+)</Instance>"
|rex field=group "<SESSIONS>(?<sessions>\d+)</SESSIONS>"
| chart limit=20 values(sessions) BY _time, instance

or

index = "xyz"
|rex field=group "<Instance>(?<instance>[^<]+)</Instance>"
|rex field=group "<SESSIONS>(?<sessions>\d+)</SESSIONS>"
| chart limit=0 values(sessions) BY _time, instance

---
If this reply helps you, Karma would be appreciated.

How to display all values in the y axis and not show others in the legends for the y axis in splunk dashboard panel?

chart

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Developer Spotlight with Guilhem Marchand

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

Join the Conversation

How to display all values in the y axis and not show others in the legends for the y axis in splunk dashboard panel?

chart

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Developer Spotlight with Guilhem Marchand

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...