Solved: Re: column chart : How can we create a chart with ...

LauraBre · ‎05-15-2012

Hello,

I have a question about a timechart creation. I want to create a columns chart. My search is :

tag::source="TokenizerWatchdogSplunk"| Service_Type="*" | eval series=case(Service_Type="T2D", "detok", Service_Type="D2T", "tok") |chart count(Service_Type) by series, _time, Requester

series and Requester are two fields that I created. I want to have time and requester in abscissa and the number of Service_type by series in ordinate. I want to have the number of detok and tok by requester. A requester is a column and this on basis on the time. But I don't able to have a chart of this type. How can I resolve this?

Thanks in advance.

brettcave · ‎06-26-2012

Is this close to what you are looking for?
chart count(Service_Type) by series over Requester

View solution in original post

brettcave · ‎06-26-2012

Is this close to what you are looking for?
chart count(Service_Type) by series over Requester

AlexMcDuffMille · ‎05-01-2014

This will only show values that have counts. Using the fields command we can show the count of other series that may have existed, but how do we fill those null values with 0 if they have no events? The fillnull command does not seem to work in that case.

john · ‎09-26-2012

hi,

can we create a chart on difference of two coulmn.And on right it should show the two column values too is it possible.

column chart : How can we create a chart with three fields?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation