Splunk Search

How to plot timechart graph with count of fruits for each door?

venky1544
Builder

Time door Fruit Count
11/11/2022 04:36:07 112 APPLE 14
11/11/2022 04:10:00 111 PEAR 8
11/11/2022 03:01:02 111 PEAR 119
11/11/2022 02:41:49 111 PEAR 82
10/11/2022 21:41:18 111 PEAR 26
10/11/2022 18:11:16 111 PEAR 12
10/11/2022 01:36:15 111 Orange 5

i want to plot timechart graph with count of fruits for each door 

Labels (1)
0 Karma

venky1544
Builder

Hi ITWhisperer

thanks for the answer but i'm having problem in visualization as i want to split by  door i'm trying to use trellis but not working  as when i try to split by door using trellis i can't see the fruits in the graph

 

|makeresults |eval date="11/11/2022 04:36:07", door="112", fruit="APPLE", num="14"
|append [|makeresults |eval date="11/11/2022 04:10:00", door="111", fruit="PEAR", num="8"]
|append [|makeresults |eval date="11/11/2022 03:01:02", door="111", fruit="PEAR", num="119"]
|append [|makeresults |eval date="11/11/2022 02:41:49", door="111", fruit="PEAR", num="82"]
|append [|makeresults |eval date="10/11/2022 21:41:18", door="111", fruit="PEAR", num="26"]
|append [|makeresults |eval date="10/11/2022 18:11:16", door="111", fruit="PEAR", num="12"]
|append [|makeresults |eval date="10/11/2022 01:36:15", door="111", fruit="Orange", num="5"]
| bin span=1h _time | stats sum(num) as count by _time door fruit

venky1544_0-1669120571224.png

 

 

 

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

timechart only allows one other dimension apart from time, so try something like this

| bin span=1h _time
| stats sum(count) as count by _time door fruit
0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...