Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

|stats count(sum) as a grouped TIMECHART

TCK101
New Member
‎12-18-2018 06:52 AM

Hello
...query

| bucket span=1month _time 
| eval date=strftime(_time, "%Y/%m/%d ") 
|stats count sum(2017_totals) as "Last_Year" sum(2018_totals) as "This_Year"  by  date county

Example Results:

The count is the number of the rows - e..g sales
Last_year is the SUM of totals for that month / year
This_year is the SUM of totals for that month / year

date                country      count     Last_Year      This_Year

2018/12/01     UK                27         300                400
2018/12/01     USA              22          200               350
2018/12/01     CHINA         12           150               200
2018/11/01     UK                 33           250             300
2018/11/01     USA              24           205            360
2018/11/01     CHINA           18           140           190

How can I get this in a chart where date is the X axis and group by COUNTRY

At the moment, the chart is just showing One country count and Last_Year This_Year as a bar chart

I wanted the chart to be something like X axis is time and with EACH country and its values in a bar.

Tags (1)
0 Karma
Reply

somesoni2
Revered Legend
‎12-18-2018 09:31 AM

Give this a try

...query
| bucket span=1month _time 
| chart count sum(2017_totals) as "Last_Year" sum(2018_totals) as "This_Year" by _time county limit=0
0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...