Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get a Line Chart with 3 Split by Clauses?

mstark31
Path Finder
‎07-19-2017 12:52 PM

I have a set of lab samples that have a Percent value measured in 3 different locations across the sample, identified as A, B, and C. Each sample is also associated with a different style.

My end goal is to have a line chart with SampleID on the x-axis and Pct on the y-axis with a set 3 different data series for each of the locations A, B, and C for each style. (So Style1PctA, Style1PctB, Style1PctC, Style2PctA, Style2PctB, Style2PctC,...)
Then, I want to use Trellis view to separate by Style, so I'd have a graph with the series for A, B, and C for each Style.

My search is as follows:

| stats avg(Pct) as Pct by SampleID, Location, Style

which of course gives me a table that contains the following fields: SampleID, Location, Style, Pct.
This results in a graph with 3 series: Location, Style, and Pct, but Pct is the only one that shows up on the graph and there is no differentiation by Location or Style.
From there, I can Trellis by Style, but there is no differentiation by Location.

I know that I can accomplish this by doing a separate search (or using a token) to filter by Style before graphing, but then I have to hard-code each of my Styles into either an input on a dashboard, or a series of graphs.

| search Style=123
| stats avg(Pct) as Pct by SampleID, Location

Is there a better way to accomplish this?

Reply

mstark31
Path Finder
‎07-19-2017 01:17 PM

That second block of code should say chart on line 2 instead of stats

0 Karma
Reply

somesoni2
Revered Legend
‎07-19-2017 01:00 PM

GIve this a try

....| stats avg(Pct) as Pct by SampleID, Location, Style | eval Loc_Style=Location.":".Stype
| chart avg(Pct) over SampleID by Loc_Style
0 Karma
Reply

mstark31
Path Finder
‎07-19-2017 01:14 PM

Thank you. While this does work to get all the data series on a single chart, it does not work if I want to do a trellis view separating by Style.

Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...