Splunk Search

how to change the lables of x axis of a bar graph

anooshac
Communicator

Hi all,

I have to plot a bar graph in which duration in hours will be in x axis and number of tasks will be in y axis. I want to specify the label of x axis as 0-1(hr), 1-2(hr), 2-3(hr),.... Can anyone please help me in doing this.

Labels (1)
Tags (3)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust

bin span=1 will do this for you

| makeresults count=20
| eval duration=random() % 20 
| eval count=random() % 20
| stats sum(count) as count by duration
| sort 0 duration
| makecontinuous duration
| bin duration span=1

View solution in original post

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

bin span=1 will do this for you

| makeresults count=20
| eval duration=random() % 20 
| eval count=random() % 20
| stats sum(count) as count by duration
| sort 0 duration
| makecontinuous duration
| bin duration span=1
0 Karma

anooshac
Communicator

| eval duration=(TASK_DURATION)/3600000|chart distinct_count(TASK_NUM) as task by duration| makecontinuous duration | bin duration span=1

I have used the query like this and i'm getting the following results. This is the result that i gotThis is the result that i got

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Use floor on the division otherwise you are charting by fractions of hours.

| eval duration=floor((TASK_DURATION)/3600000)
0 Karma

anooshac
Communicator

Thank you so much!! It is working fine.. I have one small query, if we have to make interval as 0-2, 2-4, 4-6... i have to change span=2 right? i tried and i am getting repeated values in the table.

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

You would have do it slightly differently

| makeresults count=20
| eval duration=random() % 20 
| eval count=random() % 20
``` this bin groups duration in 2's for the stats - note the s after the 2 (this keeps the duration as numbers rather than strings of ranges) ```
| bin duration span=2s
| stats sum(count) as count by duration
| sort 0 duration
| makecontinuous duration 
``` this bin converts the duration to a string range - note the removal of the s ```
| bin duration span=2
0 Karma

anooshac
Communicator

I have one doubt.. need one more help from you.. The x axis is showing ranges that are too high.. for example 200-202 which doesn't have data in the y axis. How can i limit the range of x axis?

Tags (1)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Take out the makecontinuous

0 Karma

anooshac
Communicator

Thank you..

Since the bar graph is having a lot of values in x axis i'm trying to limit the values. I'm trying to group the values into 3. One which has duration less than 15, second one having duration between 15 to 25 and last one having duration greater than 25.

        | eval red = if(duration>25,duration,0)
        | eval yellow = if(duration<=25 AND duration>15,duration,0)
        | eval green = if(duration<=15, duration, 0)
        

  I have tried like this but i think this is not how its done. Do you have any idea on this. Can you please help me on this.

0 Karma

anooshac
Communicator

Thank you so much!

0 Karma
Get Updates on the Splunk Community!

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...