Splunk Search

How to combine time chart and bar chart together

cheriemilk
Path Finder

Hi team,

1. I have a first query which returns the chart below:

<baseQuery>
|timechart span=4w count(ACT) as countOfOpenSession, 
                   distinct_count(UID) as countOfUserID, 
                   distinct_count(CMN) as countOfCustomer

cheriemilk_0-1634713532480.png

2. Then I have a second query which returns the table and chart below; it gets the CMN value which has the highest hit value per month.

<baseQuery>
| stats count(ACT) as hit by date_month CMN
| eventstats max(hit) as maxhit by date_month
| where hit=maxhit
| fields - maxhit

cheriemilk_2-1634713812240.png

cheriemilk_1-1634713662087.png

Expected chart I want to get from Splunk search:

1. Combine the two queries into one. (By the way, the baseQuery for the two queries in my scenario is the same.)

2. Combine the timeline chart and bar chart into one chart.

3. In the combined chart, on the bars, display both CMN (customer name) and hit count.

Here is an example of the chart I want (similar to the one below):

cheriemilk_3-1634714193515.png

How do I edit the query and format to achieve the expected chart?
