Splunk Search
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to make a barchart with start time, duration by resource

las
Contributor
‎08-25-2014 05:06 AM

Hi.

I would like to make a bar chart, where date/time is on the X-axis, and the resource is the Y-axis, the bar should start at _time, and have a length of duration.

Is this possible using only base Splunk 6.1, or is it necessary to download and install additional apps?

If it is possible what would the chart look like?

Thanks in advance.

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

las
Contributor
‎09-04-2014 01:14 AM

The trick is to have a start and end event, with a unique number, and then do a line graf on that number. That will produce a nice horisontal line, spanning from start to end.

View solution in original post

Reply
Solved! Jump to solution

las
Contributor
‎09-04-2014 04:30 AM

The search is as follows:
eventtype=TWS_logs eventtype=TWS_job_events NOT (userID = "TWSD01" OR userID = "TWSP01") submitName=* NOT submitName=TWSON* (eventText="TWS_Job_Abend" OR eventText="TWS_Job_Failed" OR eventText="TWS_Job_Launched" OR eventText="TWS_Job_Done") | dedup _raw | eval label=submitName."-".jobNumber | timechart limit=0 first(jobNumber) by label

And what I end up with, is a result set like this:
alt text

Where the four arrows indicate the unique number, and a name wich is concatenated as a label

The end result is as follows:
alt text

The graph is rather large, so I have just taken a small portion.

0 Karma
Reply
Solved! Jump to solution
Solution

las
Contributor
‎09-04-2014 01:14 AM

The trick is to have a start and end event, with a unique number, and then do a line graf on that number. That will produce a nice horisontal line, spanning from start to end.

Reply
Solved! Jump to solution

MuS
Legend
‎09-04-2014 02:41 AM

could you share the search and the resulting graph, please?

Reply
Solved! Jump to solution

las
Contributor
‎09-04-2014 01:12 AM

Yes, that is something in the line I was looking for.
It took some time, but I got the gist, and found a solution, that works for me based on the example.

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎08-25-2014 06:11 AM

Are looking for gantt chart? May be this?

https://apps.splunk.com/app/1741/

Also checkout this.
http://answers.splunk.com/answers/1644/building-a-gantt-chart

Reply
Solved! Jump to solution

MuS
Legend
‎08-25-2014 05:15 AM

Hi las,

take this run everywhere example:

  index=_internal | chart values(kb) over series by _time

this will generate a bar graph like this:

alt text

hope this helps ...

cheers, MuS

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎08-25-2014 05:54 AM

more like this 

 index=_internal | chart values(kb) over _time by series

?

0 Karma
Reply
Solved! Jump to solution

las
Contributor
‎08-25-2014 05:25 AM

Hi MuS.

Yes, but all the bars start at zero, what I would like was for the individual bar to start at the time indicated by _time in the event, and have the length indicated by duration, and then have the X-axis as _time.

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top