Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

splunk query

Nith1
Path Finder
‎05-12-2021 10:43 PM

Hi 

Can someone help me with the query for the below requirment

i have User A, User B, User C and so onn with the job status as Inprogress,To Do, Done

Need to list the jobs assigned to all the users in the form of bar chart  i.e) may be USer A has job status as inprogess, to do 

User A  -- Inprogress
                    To do 

User B -To Do 
                 Done



 

 

Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎05-13-2021 02:15 AM

@Nith1 

 

Barchart requires some numerical to present bars in chart. Do you have any logic for that?

I tried just putting a 1 as sample value and designed below search. 

YOUR_SEARCH
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

Sample:

| makeresults 
| eval _raw="User	Status
User A 	In Progess
User B 	In Progess
User C 	To do 
User A 	Done
User B 	Done
User C 	Done
" 
| multikv forceheader=1 
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

If this reply helps you, an upvote would be appreciated.

 

Thanks
Kamlesh Vaghela

View solution in original post

Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎05-12-2021 10:50 PM

@Nith1 

 

Try this.

YOUR_SEARCH
| stats values(Status) as Status by User

 

Sample:

| makeresults 
| eval _raw="User	Status
User A 	In Progess
User B 	In Progess
User C 	To do 
User A 	Done
User B 	Done
User C 	Done
" 
| multikv forceheader=1 
| table User Status 
| stats values(Status) as Status by User

 

For bar chart, can you please share more on how you want to display chart?

 

Thanks
Kamlesh Vaghela

Reply
Solved! Jump to solution

Nith1
Path Finder
‎05-13-2021 01:44 AM

Hi @kamlesh_vaghela 

Thanks for the queryi could view the data in the form of taable but when i change to bar chart representation its not displaying any data can you please guide

0 Karma
Reply
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎05-13-2021 02:15 AM

@Nith1 

 

Barchart requires some numerical to present bars in chart. Do you have any logic for that?

I tried just putting a 1 as sample value and designed below search. 

YOUR_SEARCH
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

Sample:

| makeresults 
| eval _raw="User	Status
User A 	In Progess
User B 	In Progess
User C 	To do 
User A 	Done
User B 	Done
User C 	Done
" 
| multikv forceheader=1 
| table User Status
| eval {Status}=1 | fields - Status 
| stats values(*) as * by User

 

If this reply helps you, an upvote would be appreciated.

 

Thanks
Kamlesh Vaghela

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...