Splunk Search
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to get all the values in y axis - Visualization Tab

Anush
Engager
‎11-17-2020 07:51 PM

Hi All,

How do we all the values for a single field?

Currently, the chart is displayed with the LoginName(x axis) with the count of LoginName(Y axis). Please see below ScreenShot, 

Anush_0-1605670288140.png

What is needed- Display all the values(Endpoint channel, Destination, FileName,IncidentTime, Count) of the each and every LoginName. 

Screenshot below,

Anush_1-1605671038219.png

Currently, I am not getting these values and only getting count of LoginName.

This is the query that is used,

index="prod" sourcetype="*"
|rex "sourceServiceName=(?<sourceServiceName>[\w\s]+)\s+\w+="
|rex "duser=(?<duser>[\w\s]+)\s+\w+="
|rex "fname=(?<fname>[\w\s]+)\s+\w+="
|rex "cat=(?<cat>[\w\s]+)\s+\w+="
|rename sourceServiceName as EndpointChannel duser as Destination loginName as LoginName fname as FileName _time as IncidentTime cat as PolicyName
|fieldformat IncidentTime = strftime(IncidentTime, "%Y/%m/%d %H:%M:%S")
|top showperc=f EndpointChannel Destination FileName PolicyName IncidentTime by LoginName | sort -IncidentTime

This query works only in Statistics view and when I click the visualization, I'm not getting the other values.

Can someone please help?

TIA 

Tags (1)
0 Karma
Reply

Anush
Engager
‎11-18-2020 04:09 PM

So, one of the values in the y axis will be count which is numeric. Can we display the other values as text? Is that possible?

If we move the hoover over the bar, it displays the values as "Endpoint Email" and if we move to other bar , it displays the FileName  as "User "report.text " 

I have attached the Screenshot

Tags (2)
Use Case.PNG
Preview file
16 KB
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-18-2020 11:47 PM

What you are asking for doesn't make sense. The bars are a representation of a measurement on the same scale (the y-axis). Each row in your data only has one measurement (count) so there is only one bar.

0 Karma
Reply

Anush
Engager
‎11-19-2020 03:35 PM

Alrighty! but I have seen somewhere that this is possible to have multiple bars in y axis for a single value in x axis. So, wanted to check if that was possible.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-18-2020 01:02 AM

As you can see from the stats view, each row only has one count which is the count for the unique combination of the other fields. Only the count column has a statistical value, the rest are basically text, that is why there is only a bar for the count. What is it you are expecting to see in the visualisation?

0 Karma
Reply

Anush
Engager
‎11-18-2020 02:53 PM
Anush_1-1605739369754.png

 

This is the statistical view of my search.  I need to have LoginName on the x axis and all the other values(Endpoint Channel, Destination, FileName, PolicyName, IncidentTime and count) for each and every loginName on Y axis. 

Like the below, X axis- LoginName , Y axis- All the values of LoginName

Anush_2-1605739936940.png

Is that possible?

Tags (2)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-18-2020 03:17 PM

There is one x-axis which you want to be login name. There is one y-axis, which I assume would be numeric for the count. How do you represent "Endpoint Email" or "Custom Policy" or any of the other values the fields have on this numeric scale?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Customers Increasingly Choose Splunk for Observability

For the second year in a row, Splunk was recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for ...
Top