Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

User due date chart over time

Colbasaur
New Member
‎12-10-2020 11:38 AM

Hello all!

I am fairly new to SPLUNK but I wanted to make a chart that would use the X axis for a specified amount of time (span=3y), the Y axis for a list of users, and the plotted data points for due dates unique to that user. Below is a crude example of what I am trying to do...SPLUNK_EX.PNG

 I've been experimenting with the "timechart" command but I can't seem to figure out how to change the Y axis (if that is even possible). Is there a better way to approach this?

Any help would be greatly appreciated!

Labels (2)
Labels
0 Karma
Reply

to4kawa
Ultra Champion
‎12-11-2020 01:40 AM

Line Chart:

| makeresults
| eval name=split("Chris,jill,john",","), due=split("May,Mar,Jan",","), counter=mvrange(0,3)
| mvexpand counter
| eval NAME=mvindex(name,counter),DUE=strptime("2020".mvindex(due,counter)." 01","%Y%b %d")
| reverse
| streamstats count
| eval _time=DUE
| timechart span=1mon values(count) by NAME
| appendpipe [ eval _time=relative_time(now(),"@month") | fields _time]

It doesn't work very well.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...