How to group stacked bar chart by a value?

KalebeRS · ‎07-19-2023

Hello,

I have the following code for a bar chart that I need to show stacked the results from the 3 ifs that I have. The code retrieves data by week number and divides then by each day of the week.

Is it possible to group the data by week number showing each result for the day of the week stacked by the results of the 3 if's that I have?

index="" host= sourcetype=csv [search index="" host= sourcetype=csv source=C:\\2023-CW28_2.csv | dedup source | table source | sort - source | head 1 ] 
| table iswID, iswTitle, iswSD, pverID, pverSF
| where iswSD >= strftime(relative_time(now(), "-3w@w"),"%Y-%m-%d")
| eval Week=strftime(strptime(iswSD,"%Y-%m-%d"),"%V")
| eval Day=strftime(strptime(iswSD,"%Y-%m-%d"),"%A")
| eval ISWGT=if(iswSD>pverSF,1,0)
| eval ISWLE=if(iswSD<=pverSF,1,0)
| eval non_mapped= if(match(pverID,""), 1,0)
| chart sum(ISWGT) as "iswSD gt pverSF", sum(ISWLE) as "iswSD LE pverSF", sum(non_mapped) as "Non Mapped" by Week,Day

ITWhisperer · ‎07-19-2023

The simple answer is no.

A bar chart has three things, an x-axis, a y-axis, and a set of series of data. For a stacked chart, each series is stacked according to its x-axis label and its y-axis value.

You appear to have four things, week, day, "if" name, and "if" sum.

How to group stacked bar chart by a value?

dashboard

other

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024