Splunk Search

pareto chart?

ytl
Path Finder

hi, i have some data that i would like to display a bar chart with; however, i would like the x-axis items to be ordered by the frequency of the item itself - ie a pareto chart (i would also like the accumulative on a second y-axis, but that's less important). can anyone help me with this please?

my search is quite simple:

chart sum(duration) by directorate

which gives me two columns (directorate and sum(duration)) in the 'statistics' tab.

1 Solution

ytl
Path Finder

thanks lukejadamec: after playing around a bit with the syntax, i was able to get it working with:

chart count(duration) AS total_duration by directorate | sort -total_duration

hope this helps someone!

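Added example, not part of the original thread: a full Pareto search that also produces the cumulative percentage asked about in the question, using `sum(duration)` as in the question's search. The first four lines only generate constructed sample rows (the values and directorate names are made up) so the search runs on its own; replace them with your own base search.

```spl
| makeresults count=8
| streamstats count AS n
| eval directorate=case(n<=3, "Finance", n<=5, "Operations", n<=7, "IT", true(), "HR")
| eval duration=n*10
| stats sum(duration) AS total_duration BY directorate
| sort - total_duration
| streamstats sum(total_duration) AS running_total
| eventstats sum(total_duration) AS grand_total
| eval cumulative_pct=round(100 * running_total / grand_total, 1)
| fields directorate total_duration cumulative_pct
```

`streamstats` has to come after `sort` so the running total accumulates in descending order. To draw the second y-axis, render the result as a column chart and set `cumulative_pct` as a chart overlay shown on its own axis (Format > Chart Overlay).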

ytl
Path Finder

add my search to question - thanks lukejadamec, i'm not sure how i would include the sort function into the chart...


lukejadamec
Super Champion

Can you post your search string, and have you tried sorting?