Re: User due date chart over time

Colbasaur · ‎12-10-2020

Hello all!

I am fairly new to SPLUNK but I wanted to make a chart that would use the X axis for a specified amount of time (span=3y), the Y axis for a list of users, and the plotted data points for due dates unique to that user. Below is a crude example of what I am trying to do...

I've been experimenting with the "timechart" command but I can't seem to figure out how to change the Y axis (if that is even possible). Is there a better way to approach this?

Any help would be greatly appreciated!

to4kawa · ‎12-11-2020

Line Chart:

| makeresults
| eval name=split("Chris,jill,john",","), due=split("May,Mar,Jan",","), counter=mvrange(0,3)
| mvexpand counter
| eval NAME=mvindex(name,counter),DUE=strptime("2020".mvindex(due,counter)." 01","%Y%b %d")
| reverse
| streamstats count
| eval _time=DUE
| timechart span=1mon values(count) by NAME
| appendpipe [ eval _time=relative_time(now(),"@month") | fields _time]

It doesn't work very well.

User due date chart over time

chart

timechart

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation