Modify X-axis with an interval from 0 to 100

remyjuvenals
New Member

Hello,
I'm new here, I would like to know how to modify the X-axis. I don't want to group by host or time, I want an interval from 0 to 100.
On my Y-axis I want to count the number of events that have a value between 10 and 20 on the X-axis, for example.
I don't know if it's possible?

Thanks in advance
Rémy

0 Karma

niketn
Legend

@remyjuvenals in order for the community to assist you better, please provide more details. Like what is your use case? What is your current query/field names etc.? What does the data look like? Please mask/anonymize any sensitive information before posting.

The following run-anywhere example generates 100 rows with a random count. It uses a condition match for count values between 10 and 20. It sets the remaining counts to null.

As per your question, it then uses appendcols with the mvrange() function to generate the 1-100 series of values for the x-axis label.

| makeresults count=100 
| eval count=random(), count=substr(count,1,2) 
| eval count= case(count>=10 AND count<=20,count) 
| appendcols 
    [| makeresults 
    | fields - _time 
    | eval x_axis=mvrange(1,101,1) 
    | mvexpand x_axis] 
| table x_axis count

While this is a run-anywhere example based on our understanding of your question, for us to help you better you might have to provide further details as requested.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

to4kawa
Ultra Champion

UPDATE:

| makeresults count=101
| eval count=1
| accum count
| eval x_axis=count - 1
| eval value=random() % 11 + 10
| table x_axis value

This is simple

| makeresults count=2
| streamstats count
| eval count=if(count==2,100,1)
| makecontinuous count
| appendpipe 
    [| eval count=0
    | dedup count]
| sort count
| eval value=random() % 10 + 10
| rename count as x_axis
| table x_axis value

What's X-axis?

0 Karma