Solved: In a chart count where days are the column header,...

rossblassingame · ‎09-14-2018

I'm trying to get a table where "Days" are the column headers (chronologically) and hours are the row headers that show the total events that happened in each hour per day. Something like this:

Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

I think I have it mostly working with the following:

[code] | chart count over date_hour by date_wday

What's showing in the chart is:

Could anyone please help me figure this out?

Thanks.

renjith_nair · ‎09-14-2018

@rossblassingame

Try mentioning the headers in the field list like | chart count over date_hour by date_wday|fields Monday,Tuesday ,Wednesday ,Thursday ,Friday,Saturday

Happy Splunking!

View solution in original post

renjith_nair · ‎09-14-2018

@rossblassingame

Try mentioning the headers in the field list like | chart count over date_hour by date_wday|fields Monday,Tuesday ,Wednesday ,Thursday ,Friday,Saturday

Happy Splunking!

rossblassingame · ‎09-17-2018

Above answer led me to the right answer. What worked for me:

| chart count over date_hour by date_wday | fields date_hour, sunday, monday, tuesday, wednesday, thursday, friday, saturday

In a chart count where days are the column header, how do I get the days to list in chronological order?

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

Admin Your Splunk Cloud, Your Way