Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is my chart that is grouped by values not showing up in visualization?

saravana22
Explorer
‎03-02-2022 02:42 AM

Hi Experts,

my SPL query,

...| eval elapse_range=case(
TOTAL_ELAPSE>0 AND TOTAL_ELAPSE<4, "Green",
TOTAL_ELAPSE>4 AND TOTAL_ELAPSE<8, "Yellow",
TOTAL_ELAPSE>8, "Red")
|chart values(TOTAL_ELAPSE) as TOTAL_ELAPSE over JOBID by elapse_range

Statistics table:

JOBID                         Green                 Red                    Yellow
SZ146BKP                                              8.2
SZ11BKP                                                 8.6                         7.9
SZ16BKP                                                 8.6
SZSWTCNT                                            8.7
SZ00D                          T39
                                                                    9.5
                                                                    9.8
                                                                    9.9

SZ24
                                                                   10.6
                                                                    11.0

SZ07                                  1.7                12.7
SZ04                                                        59.6
SZ22
                                                                   66.6
                                                                    69.2

 

The grouped by values i.e Highlighted Values coming in statistical table but not showing in chart

 

saravana22_0-1646217672554.png

 

Chart not showing the values 66.6, 69.2 etc
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-02-2022 03:12 AM

Line chart cannot (easily) display multiple values for each x-axis value. You could try

| chart max(TOTAL_ELAPSE) as TOTAL_ELAPSE over JOBID by elapse_range

View solution in original post

0 Karma
Reply
Solved! Jump to solution

saravana22
Explorer
‎03-02-2022 03:18 AM

Thank you @ITWhisperer  for the quick help. Here i need show all the values in graph instead of Max.

example : If job SZ22 have 66.6 & 69.2, i need to show both in the chart. Can you please help!!!


Thank you in advance

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-02-2022 03:22 AM

What do you imagine such a chart would look like? Does the line join to 66.6 and then up to 69.2, or 69.2 and then down to 66.6? What about when there are three values? As you can see, there is no easy way to specify what this line would look like.

Perhaps you need two lines for each elapse_range e.g.  Green_max, Green_min etc.?

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-02-2022 03:12 AM

Line chart cannot (easily) display multiple values for each x-axis value. You could try

| chart max(TOTAL_ELAPSE) as TOTAL_ELAPSE over JOBID by elapse_range
0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...