Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Plot Scatter Chart based on Time

Venkat_16
Contributor
‎10-21-2014 06:15 AM

I need to plot a scatter/line chart using the below data:

Time                TransID Duration    TransStatus
10/15/2014 2:06 AM  12101   10.811      Complete
10/15/2014 4:35 AM  13102   20.703      Failed
10/15/2014 6:51 AM  17103   34.712      Incomplete

I need to plot all the values with:

X-Axis - Time

Y-Axis - Duration

Marker Color - Based on TransStatus (say Green for Completed Transactions, Red for Failed Transactions, etc)

Marker Tooltip on mouse-over will display the TransID and few other details related to the transaction, say transaction amount etc.

timechart doesn't help me, as I need to plot all the values in the table.

I have tried table, stats, xyseries combo and chart - however I couldn't get it right.

I am new to D3 viz and planning to try that to get this done.

Could someone help me on how do I achieve this.

Reply

manus
Communicator
‎10-29-2014 10:10 AM

I haven't found anything better than that:

|eval time=_time|table time Duration

Then you need to select scatter in the graph options.

But the times are in epoch.
http://answers.splunk.com/answers/1541/how-can-i-create-a-scatter-plot-of-data-points-distributed-ov...

I think it's a shame that Splunk cannot do that.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...