Solved: How to edit my search to display a distribution gr... - Splunk Community

Splunk Search

[2016-xx-xx-xx:xx:xx:xxxx] modelName=model1, modelScore=10
[2016-xx-xx-xx:xx:xx:xxxx] modelName=model2, modelScore=100
[2016-xx-xx-xx:xx:xx:xxxx] modelName=model3, modelScore=50

My log looks something like above

 some search| stats count by modelScore | sort modelScore

I have the above search to show the distribution of the modelScore using bar visualization.

However, I would like to show modelScore for each modelName in the same bar graph in different colors.
Is there any way I can do that?
Thanks.

1 KB

1 Solution

Solution

can you try this please based on whichever way you want to chart:

Keeping modelName on x axis

some search| chart  count over modelName by modelScore

OR
Keeping modelScore on x axis

some search| chart  count over modelScore by modelName

View solution in original post

You probably want to use some search| stats count by modelScore | makecontinuous modelScore as to add any potentially empty buckets/bins.

Solution

can you try this please based on whichever way you want to chart:

Keeping modelName on x axis

some search| chart  count over modelName by modelScore

OR
Keeping modelScore on x axis

some search| chart  count over modelScore by modelName

Thanks! I works perfectly.

Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open! conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor. HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members! The ...