Re: User due date chart over time

Colbasaur · ‎12-10-2020

Hello all!

I am fairly new to SPLUNK but I wanted to make a chart that would use the X axis for a specified amount of time (span=3y), the Y axis for a list of users, and the plotted data points for due dates unique to that user. Below is a crude example of what I am trying to do...

I've been experimenting with the "timechart" command but I can't seem to figure out how to change the Y axis (if that is even possible). Is there a better way to approach this?

Any help would be greatly appreciated!

to4kawa · ‎12-11-2020

Line Chart:

| makeresults
| eval name=split("Chris,jill,john",","), due=split("May,Mar,Jan",","), counter=mvrange(0,3)
| mvexpand counter
| eval NAME=mvindex(name,counter),DUE=strptime("2020".mvindex(due,counter)." 01","%Y%b %d")
| reverse
| streamstats count
| eval _time=DUE
| timechart span=1mon values(count) by NAME
| appendpipe [ eval _time=relative_time(now(),"@month") | fields _time]

It doesn't work very well.

User due date chart over time

chart

timechart

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation