Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to display duration(start and end time) in a column chart?

mythili
Explorer
‎09-11-2024 09:38 PM

Hi all, 

I am trying to show the connected duration, which is calculated using transaction command in a timechart. When I try below query, the entire duration shows in the earliest timestamp(start time) as a single column. I would like to show the connected duration in a column chart, with area between start and end time colored.  For example, if device was connected from 20th August to 23rd August, I want the column to extend across these days. Currently, the entire duration is shown on the 20th date alone. Kindly let me know your suggestions to implement this.

Query:

| transaction dvc_id startswith="CONNECTED" endswith="DISCONNECTED"
| timechart sum(duration) by connection_protocol



Labels (5)
Preview file
15 KB
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎09-11-2024 11:21 PM

You need to look for a different visualization. Bar chart, line chart and such are meant for showing discrete values, not time ranges.

For starters - you can check out this app https://splunkbase.splunk.com/app/3120 (I'm not saying that's what fits your use case but that's at least one possible approach).

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎09-11-2024 11:10 PM

What you ask is effectively a Gantt chart visualization that Splunk search and dashboard doesn't support natively.  Checkout this viz app: https://splunkbase.splunk.com/app/3120.

(Years ago I got some help here for similar - a lot of filldown and stuff.  Using a prebuilt app is perhaps the best way to go for now.)

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-11-2024 11:09 PM

Hi @mythili ,

to acquire your requirement it isn't possible with the default visualizations, but you could try with the Splunk Timeline - custom visualization (https://splunkbase.splunk.com/app/3120) add-on, following the instructions about how to create your search.

Ciao.

Giuseppe

0 Karma
Reply

norbertomyrna
New Member
‎09-11-2024 10:05 PM

hey there!!

0 Karma
Reply

norbertomyrna
New Member
‎09-11-2024 10:04 PM

Right-click on the chart area and choose Select Data. Click Add and enter Duration as the series name. Select cells E5:E11 as the series values and click OK. The Edit Series window will reappear. Click OK. Click OK on the Select Data Source window. The duration will be added to the chart.

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...