How to display all values in the y axis and not sh...

varsh_6_8_6 · ‎10-28-2024

Hi
I am kinda stuck and need help. I am creating a chart in the splunk dashboard and for the y axis I have nearly 20 values which are to be shown as legends. After a certain number of values they are grouped as "other" which dont want and need to display as separate ones. Also I am also ready to turn off the legend.

The query used is

index = "xyz"
|rex field=group "<Instance>(?<instance>[^<]+)</Instance>"
|rex field=group "<SESSIONS>(?<sessions>\d+)</SESSIONS>"
| chart values(sessions) BY _time, instance

May I know which option in the chart will not collapse the values of the y axis?

prateek · ‎10-28-2024

This is very helpful

richgalloway · ‎10-28-2024

Try the limit option to the chart command.

index = "xyz"
|rex field=group "<Instance>(?<instance>[^<]+)</Instance>"
|rex field=group "<SESSIONS>(?<sessions>\d+)</SESSIONS>"
| chart limit=20 values(sessions) BY _time, instance

or

index = "xyz"
|rex field=group "<Instance>(?<instance>[^<]+)</Instance>"
|rex field=group "<SESSIONS>(?<sessions>\d+)</SESSIONS>"
| chart limit=0 values(sessions) BY _time, instance

---
If this reply helps you, Karma would be appreciated.

How to display all values in the y axis and not show others in the legends for the y axis in splunk dashboard panel?

chart

Can’t make it to .conf25? Join us online!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Are you a member of the Splunk Community?