Splunk Search

Modify X-axis with an interval from 0 to 100

New Member

I'm new here,I would like to know how to modify the X-axis. I don't want to group by host or time, I want an interval from 0 to 100.
On my Y-Axis I want to count to number of event who have a value between 10 and 20 on the x axis for exemple.
I don't know if it's possible?

Thanks in advance

0 Karma

@remyjuvenals in order for the community to assist you better please provide more details. Like what is your use case? What is your current query/field names etc.? What does the data look like? Please mask anonymize any sensitive information before posting.

Following run anywhere example generates 100 rows with random count. It uses condition match for count values between 10 to 20. It makes remaining count as null.

As per your question, it then uses appendcols with mvrange() function to generate 1-100 series values for x-axis label.

| makeresults count=100 
| eval count=random(), count=substr(count,1,2) 
| eval count= case(count>=10 AND count<=20,count) 
| appendcols 
    [| makeresults 
    | fields - _time 
    | eval x_axis=mvrange(1,100,1) 
    | mvexpand x_axis] 
| table x_axis count

While this is a run anywhere example based on our understanding of your question. For us to help you better you might have to provide further details as requested.

| makeresults | eval message= "Happy Splunking!!!"
0 Karma

Ultra Champion


| makeresults count=101
| eval count=1
| accum count
| eval x_axis=count - 1
| eval value=random() % 11 + 10
| table x_axis value

This is simple

| makeresults count=2
| streamstats count
| eval count=if(count==2,100,1)
| makecontinuous count
| appendpipe 
    [| eval count=0
    | dedup count]
    | sort count
    | eval value=random() % 10 + 10
    | rename count as x_axis
    | table x_axis value

What's X-axis?

0 Karma
Get Updates on the Splunk Community!

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...