How to plot username (non-numeric) value on the y-...

Venkat_16 · ‎08-24-2015

I have a log in the following format:

username=nan time=09:00 operation=login
username=ver time=10:00 opertiaon=logout
username=ves time=09:00 operation=login
username=ves time=10:00 opetaion=logout

I need the output in the following format as a scatter plot. I am able to make it in a table, but not in scatter chart.

aljohnson_splun · ‎08-24-2015

Hey Venkat,

Why not try something like this?

... | timechart count(eval(operation="login")) as logins, count(eval(operation="logout")) as logouts by username

Then chose a bar/column chart visualization?

Venkat_16 · ‎08-24-2015

Hi aljohnson_splunk,
Thanks for the response, but we have more than 30+ users and 5 to 6 operations , in that case the following solution gives
"These results may be truncated. Your search generated too much data for the current visualization configuration." notifaction

aljohnson_splun · ‎08-24-2015

Change the time range and the span, e.g.

... earliest=-2w | timechart span=1d count(eval(operation="operation1")) as operation1 .... and so on

How to plot username (non-numeric) value on the y-axis on a scatter chart?