Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

splunk v6.1.2 + overlay + just want 2 bars with one overlayed on the other

HattrickNZ
Motivator
‎03-05-2015 05:08 PM

I have the below graph
Image and video hosting by TinyPic

I get this graph with a query similar to:

...| stats max(c117) as whatever max(limit2) as "whatever with a space" by userLabel

which gives me data that looks like:

userLabel   whatever    whatever with a space
PR          60071             77777
AM          20762             88888

Now what I want is the whatever to be a column overlayed on the yellow column. I do not want it to be a line, splunk just does that when I select overlay for whatever.
Can this be done in the normal formatting? Or do i have to do this in simple xml or advanced xml

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

HattrickNZ
Motivator
‎03-15-2015 12:50 PM

tks but that did not work. I did find a way to do what i wanted, and the search looks something like below. I basically have to subtract Limit from Usage and then stack limit4Graph oon top of Usage.

... | stats max(c117492014) as Usage max(limit2) as Limit by userLabel | eval percent=Usage/Limit*100 | eval limit4Graph=Limit-Usage | fields userLabel Usage limit4Graph percent

This gives me something like this.
Image and video hosting by TinyPic

NOTE I have add a precent column as I awat to overlay the percent value on top of this and not have this percent line present.This is something else I am working on.

View solution in original post

Reply
Solved! Jump to solution
Solution

HattrickNZ
Motivator
‎03-15-2015 12:50 PM

tks but that did not work. I did find a way to do what i wanted, and the search looks something like below. I basically have to subtract Limit from Usage and then stack limit4Graph oon top of Usage.

... | stats max(c117492014) as Usage max(limit2) as Limit by userLabel | eval percent=Usage/Limit*100 | eval limit4Graph=Limit-Usage | fields userLabel Usage limit4Graph percent

This gives me something like this.
Image and video hosting by TinyPic

NOTE I have add a precent column as I awat to overlay the percent value on top of this and not have this percent line present.This is something else I am working on.

Reply
Solved! Jump to solution

stephane_cyrill
Builder
‎03-05-2015 11:54 PM

Hi HattrickNZ ,

If having only whatever as a culumn is ok for you , just exchange the position of the fields whatever and whatever a space like you can see below:enter code here

 ...| stats  max(limit2) as "whatever with a space"  max(c117) as whatever by userLabel

And you can set up whatever a space as line for the chart overlay if it is what you want.

0 Karma
Reply
Solved! Jump to solution

stephane_cyrill
Builder
‎03-13-2015 05:48 AM 
    <form>
    <label>Bar Chart</label>
    <description>Example using a basic bar chart</description>
    <fieldset submitButton="false">
    <input type="time" token="time_token" searchWhenChanged="true">
    <label></label>
    <default>
    <earliestTime>-7d@h</earliestTime>
    <latestTime>now</latestTime>
    </default>
    </input>
    </fieldset>
    <row>
    <panel>
    <chart>
    <searchString>index="_internal" | stats max(bytes) as "whatever with a space"   max(current_size) as whatever by sourcetype </searchString>
    <earliestTime>$time_token.earliest$</earliestTime>
    <latestTime>$time_token.latest$</latestTime>
    <option name="charting.chart">bar</option>
    <option name="charting.axisY.scale">log</option>
    <option name="charting.chart.stackMode">default</option>
    <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
    <option name="charting.legend.placement">right</option>
    </chart>

    </panel>
    </row>
    </form>
0 Karma
Reply
Solved! Jump to solution

HattrickNZ
Motivator
‎03-08-2015 01:24 PM

@stephane_cyrille maybe I don't understand. But I want all columns with one column overlapping the other column. I do not want any line chart. Does this make sense? maybe i will edit my answer to show exactly what i want.

0 Karma
Reply
Solved! Jump to solution

stephane_cyrill
Builder
‎03-13-2015 05:46 AM

OK if i understand well you need to transform that line into a culumn in the same chart.
Let's try to use simple xml.

0 Karma
Reply
Solved! Jump to solution

stephane_cyrill
Builder
‎03-13-2015 05:51 AM

in the code below replace my search string with your own .

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...