Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to edit my search to generate a report of Current Status over time?

wmusch
New Member
‎05-12-2017 05:31 PM

Greetings everyone.

I'm trying to do what I think is a simple task, but for some reason it is troubling. I loaded some CSV data into Splunk, and have this search:

Course="MYCOURSE*" Progres=100 | chart count by Course "Current Status"

Now, I get a result of my four courses, and the pass fail state (Current Status).
alt text

That is good, now I cant seem to generate this report over time. So basically I would like to see a bar graph, showing the pass/fail state for each course for each month. The trouble I think I'm running into is the use of chart and not timechart, however I seem to have trouble creating a timechart that breaks up the "Current Status" field that could be either pass or fail

Here is an example of the data set:
User User ID Course Course Start Date Course Completion Date Progress Current Average Current Status Time In Course
Jon ID1 Course 1 2/16/2017 16:25 2/17/2017 13:49 100 86 PASS 1h 17m
Doe ID1 Course 1 10/28/2016 3:43 11/7/2016 5:11 100 72 FAIL 107h 32m

Preview file
16 KB
0 Karma
Reply

woodcock
Esteemed Legend
‎05-17-2017 04:49 AM

Like this:

Course="MYCOURSE*" Progres=100 | eval CourseAndStatus = Course . ":" . $Current Status$ | timechart count BY CourseAndStatus
0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...