Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

splunk v6.1.2 + overlay + just want 2 bars with one overlayed on the other

HattrickNZ
Motivator
‎03-05-2015 05:08 PM

I have the below graph
Image and video hosting by TinyPic

I get this graph with a query similar to:

...| stats max(c117) as whatever max(limit2) as "whatever with a space" by userLabel

which gives me data that looks like:

userLabel   whatever    whatever with a space
PR          60071             77777
AM          20762             88888

Now what I want is the whatever to be a column overlayed on the yellow column. I do not want it to be a line, splunk just does that when I select overlay for whatever.
Can this be done in the normal formatting? Or do i have to do this in simple xml or advanced xml

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

HattrickNZ
Motivator
‎03-15-2015 12:50 PM

tks but that did not work. I did find a way to do what i wanted, and the search looks something like below. I basically have to subtract Limit from Usage and then stack limit4Graph oon top of Usage.

... | stats max(c117492014) as Usage max(limit2) as Limit by userLabel | eval percent=Usage/Limit*100 | eval limit4Graph=Limit-Usage | fields userLabel Usage limit4Graph percent

This gives me something like this.
Image and video hosting by TinyPic

NOTE I have add a precent column as I awat to overlay the percent value on top of this and not have this percent line present.This is something else I am working on.

View solution in original post

Reply
Solved! Jump to solution
Solution

HattrickNZ
Motivator
‎03-15-2015 12:50 PM

tks but that did not work. I did find a way to do what i wanted, and the search looks something like below. I basically have to subtract Limit from Usage and then stack limit4Graph oon top of Usage.

... | stats max(c117492014) as Usage max(limit2) as Limit by userLabel | eval percent=Usage/Limit*100 | eval limit4Graph=Limit-Usage | fields userLabel Usage limit4Graph percent

This gives me something like this.
Image and video hosting by TinyPic

NOTE I have add a precent column as I awat to overlay the percent value on top of this and not have this percent line present.This is something else I am working on.

Reply
Solved! Jump to solution

stephane_cyrill
Builder
‎03-05-2015 11:54 PM

Hi HattrickNZ ,

If having only whatever as a culumn is ok for you , just exchange the position of the fields whatever and whatever a space like you can see below:enter code here

 ...| stats  max(limit2) as "whatever with a space"  max(c117) as whatever by userLabel

And you can set up whatever a space as line for the chart overlay if it is what you want.

0 Karma
Reply
Solved! Jump to solution

stephane_cyrill
Builder
‎03-13-2015 05:48 AM 
    <form>
    <label>Bar Chart</label>
    <description>Example using a basic bar chart</description>
    <fieldset submitButton="false">
    <input type="time" token="time_token" searchWhenChanged="true">
    <label></label>
    <default>
    <earliestTime>-7d@h</earliestTime>
    <latestTime>now</latestTime>
    </default>
    </input>
    </fieldset>
    <row>
    <panel>
    <chart>
    <searchString>index="_internal" | stats max(bytes) as "whatever with a space"   max(current_size) as whatever by sourcetype </searchString>
    <earliestTime>$time_token.earliest$</earliestTime>
    <latestTime>$time_token.latest$</latestTime>
    <option name="charting.chart">bar</option>
    <option name="charting.axisY.scale">log</option>
    <option name="charting.chart.stackMode">default</option>
    <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
    <option name="charting.legend.placement">right</option>
    </chart>

    </panel>
    </row>
    </form>
0 Karma
Reply
Solved! Jump to solution

HattrickNZ
Motivator
‎03-08-2015 01:24 PM

@stephane_cyrille maybe I don't understand. But I want all columns with one column overlapping the other column. I do not want any line chart. Does this make sense? maybe i will edit my answer to show exactly what i want.

0 Karma
Reply
Solved! Jump to solution

stephane_cyrill
Builder
‎03-13-2015 05:46 AM

OK if i understand well you need to transform that line into a culumn in the same chart.
Let's try to use simple xml.

0 Karma
Reply
Solved! Jump to solution

stephane_cyrill
Builder
‎03-13-2015 05:51 AM

in the code below replace my search string with your own .

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...

Customer success is front and center at .conf25

Hi Splunkers, If you are not able to be at .conf25 in person, you can still learn about all the latest news ...