Splunk Search

Plot Scatter Chart based on Time

Venkat_16
Contributor

I need to plot a scatter/line chart using the below data:

Time                TransID Duration    TransStatus
10/15/2014 2:06 AM  12101   10.811      Complete
10/15/2014 4:35 AM  13102   20.703      Failed
10/15/2014 6:51 AM  17103   34.712      Incomplete

I need to plot all the values with:

X-Axis - Time

Y-Axis - Duration

Marker Color - Based on TransStatus (say Green for Completed Transactions, Red for Failed Transactions, etc)

Marker Tooltip on mouse-over will display the TransID and few other details related to the transaction, say transaction amount etc.

timechart doesn't help me, as I need to plot all the values in the table.

I have tried table, stats, xyseries combo and chart - however I couldn't get it right.

I am new to D3 viz and planning to try that to get this done.

Could someone help me on how do I achieve this.

manus
Communicator

I haven't found anything better than that:

|eval time=_time|table time Duration

Then you need to select scatter in the graph options.

But the times are in epoch.
http://answers.splunk.com/answers/1541/how-can-i-create-a-scatter-plot-of-data-points-distributed-ov...

I think it's a shame that Splunk cannot do that.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...