Solved: In a chart count where days are the column header,...

rossblassingame · ‎09-14-2018

I'm trying to get a table where "Days" are the column headers (chronologically) and hours are the row headers that show the total events that happened in each hour per day. Something like this:

Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

I think I have it mostly working with the following:

[code] | chart count over date_hour by date_wday

What's showing in the chart is:

Could anyone please help me figure this out?

Thanks.

renjith_nair · ‎09-14-2018

@rossblassingame

Try mentioning the headers in the field list like | chart count over date_hour by date_wday|fields Monday,Tuesday ,Wednesday ,Thursday ,Friday,Saturday

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

renjith_nair · ‎09-14-2018

@rossblassingame

Try mentioning the headers in the field list like | chart count over date_hour by date_wday|fields Monday,Tuesday ,Wednesday ,Thursday ,Friday,Saturday

---
What goes around comes around. If it helps, hit it with Karma 🙂

rossblassingame · ‎09-17-2018

Above answer led me to the right answer. What worked for me:

| chart count over date_hour by date_wday | fields date_hour, sunday, monday, tuesday, wednesday, thursday, friday, saturday

In a chart count where days are the column header, how do I get the days to list in chronological order?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases