Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Timechart and overlay two columns?

snipedown21
Path Finder
‎10-12-2017 11:32 PM

I have a field outcomeIndicator in my data, that holds values 0,1,5,8.
0 and 1 mean a success of the event, and 5 and 8 mean failure.
Now, I want to use timechart count to plot these values over a month, for a span of 1 day, i.e the timechart must show the total events in a day resulting in success and failures, for the previous 30 days.
This timechart must strictly be graphical and must show the trend for both failures and successes over a month.
alt text

Here the green colored trend-line represents the success per day for a month and the red colored trend-line represents failures per day over a month. The image is just for representation and I want to know the possibilities of achieving this.
Thank you.
Cheers.
-Snipedown21

Preview file
32 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-12-2017 11:50 PM

Hi snipedown21,
try something like this:

your_search
| eval result=if(outcomeIndicator<2,"Success","Failure")
| timechart count by result

To set the green and red colors use

<option name="charting.legend.labels">[Success,Failure]</option>
<option name="charting.seriesColors">[0x008000,0xFF0000]</option>

Bye.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-12-2017 11:50 PM

Hi snipedown21,
try something like this:

your_search
| eval result=if(outcomeIndicator<2,"Success","Failure")
| timechart count by result

To set the green and red colors use

<option name="charting.legend.labels">[Success,Failure]</option>
<option name="charting.seriesColors">[0x008000,0xFF0000]</option>

Bye.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

snipedown21
Path Finder
‎10-13-2017 01:52 AM

Hi Giuseppe.
Dude!!! That was absolutely perfect. Even the color schemes I had put up in the sample were exactly what you gave me.
Thank you a lot.

Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...