Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is my chart that is grouped by values not showing up in visualization?

saravana22
Explorer
‎03-02-2022 02:42 AM

Hi Experts,

my SPL query,

...| eval elapse_range=case(
TOTAL_ELAPSE>0 AND TOTAL_ELAPSE<4, "Green",
TOTAL_ELAPSE>4 AND TOTAL_ELAPSE<8, "Yellow",
TOTAL_ELAPSE>8, "Red")
|chart values(TOTAL_ELAPSE) as TOTAL_ELAPSE over JOBID by elapse_range

Statistics table:

JOBID                         Green                 Red                    Yellow
SZ146BKP                                              8.2
SZ11BKP                                                 8.6                         7.9
SZ16BKP                                                 8.6
SZSWTCNT                                            8.7
SZ00D                          T39
                                                                    9.5
                                                                    9.8
                                                                    9.9

SZ24
                                                                   10.6
                                                                    11.0

SZ07                                  1.7                12.7
SZ04                                                        59.6
SZ22
                                                                   66.6
                                                                    69.2

 

The grouped by values i.e Highlighted Values coming in statistical table but not showing in chart

 

saravana22_0-1646217672554.png

 

Chart not showing the values 66.6, 69.2 etc
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-02-2022 03:12 AM

Line chart cannot (easily) display multiple values for each x-axis value. You could try

| chart max(TOTAL_ELAPSE) as TOTAL_ELAPSE over JOBID by elapse_range

View solution in original post

0 Karma
Reply
Solved! Jump to solution

saravana22
Explorer
‎03-02-2022 03:18 AM

Thank you @ITWhisperer  for the quick help. Here i need show all the values in graph instead of Max.

example : If job SZ22 have 66.6 & 69.2, i need to show both in the chart. Can you please help!!!


Thank you in advance

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-02-2022 03:22 AM

What do you imagine such a chart would look like? Does the line join to 66.6 and then up to 69.2, or 69.2 and then down to 66.6? What about when there are three values? As you can see, there is no easy way to specify what this line would look like.

Perhaps you need two lines for each elapse_range e.g.  Green_max, Green_min etc.?

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-02-2022 03:12 AM

Line chart cannot (easily) display multiple values for each x-axis value. You could try

| chart max(TOTAL_ELAPSE) as TOTAL_ELAPSE over JOBID by elapse_range
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...