Re: Split graph based on two conditions of same fi...

gokool2u · ‎09-22-2016

Hi Splunkers,

I want a graph that contains two columns, one should represent data for 1st half and 2nd half of a year. But I have data for 4 quarters and not for halves. How should I use the quarters for building a graph for halves?

For quarters, it is working fine. But I want to add 2 quarters to display one half. Similarly, I have to calculate the half yearly values and display the two half-yearly results in two columns of the same chart.

I tried using AND operator to choose Q1 and Q2. But it doesn't work. How should I achieve this?

Here is the query
index=fin_mng source="2013*" Company_name="ABCD" Quarters=Q1 AND Quarters=Q2 | convert num("Income from Operations") as income_oper | convert num("Other Income") as other_income | eval TotalIncome= income_oper + other_income | chart sum(TotalIncome) as "Total Income" over source by Company_name

sundareshr · ‎09-22-2016

Try OR operator

index=fin_mng source="2013*" Company_name="ABCD" (Quarters=Q1 OR Quarters=Q2) | convert num("Income from Operations") as income_oper | convert num("Other Income") as other_income | eval TotalIncome= income_oper + other_income | chart sum(TotalIncome) as "Total Income" over source by Company_name

Split graph based on two conditions of same field

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!