Splunk Enterprise

Looking for a search command to generate a typical graph with multiple fields

amgsplunk
Explorer

Hi,

I am looking for a search command for generating a typical graph with multiple fields as below.

The CSV file has the following data.

IPAddress Severity
192.168.1.4 Low
192.168.1.5 High
192.168.1.6 Medium
192.168.1.4 High
192.168.1.4 Medium
192.168.1.5 Low
192.168.1.5 Low
192.168.1.6 High
192.168.1.6 Low

Looking to see the data in a Splunk visualization similar to the following graph.

[image: Excel chart of the CSV data above, attached by the poster]

The graph is plotted using Excel for the above CSV table. I am looking for a search command to visualize the data similar to the above graph.

Appreciate your inputs.

~Arjun


gcusello
SplunkTrust

Hi @amgsplunk,

the chart command is the solution for your requirement, please try something like this:

your_search
| chart count OVER Severity BY IPAddress

for more details see https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Chart.

Ciao and Happy Easter.

Giuseppe

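
Worked illustration of what the suggested chart command returns for the CSV in the question. This is an added Python example, not code from the thread or from Splunk: it emulates `chart count over Severity by IPAddress` on the nine rows above, embedded here as a constructed CSV string, so the shape of the result can be checked offline without a Splunk instance. The alphabetical ordering of rows and columns is this emulation's own choice, not a statement about how Splunk orders chart output.

```python
import csv
import io
from collections import Counter

# Constructed sample: the CSV from the question, as Splunk would read a
# lookup file (header row, then one event per line).
SAMPLE_CSV = """IPAddress,Severity
192.168.1.4,Low
192.168.1.5,High
192.168.1.6,Medium
192.168.1.4,High
192.168.1.4,Medium
192.168.1.5,Low
192.168.1.5,Low
192.168.1.6,High
192.168.1.6,Low
"""


def load_rows(text):
    """Parse CSV text into a list of dicts keyed by the header names."""
    return list(csv.DictReader(io.StringIO(text)))


def chart_count(rows, over, by):
    """Emulate `chart count over <over> by <by>`.

    Returns {over_value: {by_value: count}}: one output row per distinct
    value of `over`, one column per distinct value of `by`. Combinations
    with no events get 0, as in Splunk's chart output. Row and column
    order is alphabetical here; that is this emulation's assumption, not
    a description of Splunk's ordering rules.
    """
    counts = Counter((r[over], r[by]) for r in rows)
    over_values = sorted({r[over] for r in rows})
    by_values = sorted({r[by] for r in rows})
    return {
        o: {b: counts.get((o, b), 0) for b in by_values}
        for o in over_values
    }


def severity_by_ip():
    """The accepted answer's chart: count over Severity by IPAddress."""
    return chart_count(load_rows(SAMPLE_CSV), over="Severity", by="IPAddress")


def render(table):
    """Format the chart table as aligned text, like Splunk's statistics tab."""
    columns = list(next(iter(table.values())).keys()) if table else []
    width = max([len(c) for c in columns] + [len(r) for r in table] + [8])
    lines = ["".join(h.ljust(width + 2) for h in ["", *columns]).rstrip()]
    for row_value, cells in table.items():
        lines.append(
            "".join(
                s.ljust(width + 2)
                for s in [row_value, *(str(cells[c]) for c in columns)]
            ).rstrip()
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(severity_by_ip()))
```

Each key of the returned dict is one chart row (a Severity value) and each inner dict holds one column per IPAddress, which is the table Splunk draws as a grouped column chart. Calling `chart_count` with `over="IPAddress", by="Severity"` gives the transposed table, the other orientation the Excel graph might use; in SPL that is `chart count over IPAddress by Severity`. If the CSV is uploaded to Splunk as a lookup file, `| inputlookup your_file.csv` (placeholder file name) can stand in for `your_search` in the accepted answer.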

amgsplunk
Explorer

Hi Giuseppe,

Thank you very much for the quick response. Will you be able to provide me with sample search commands based on various scenarios, for quick learning purposes?

Informal notes will do.


gcusello
SplunkTrust

Hi @amgsplunk,

good for you,

I cannot help you with the search definition because I don't know your data; you should share some sample data. Anyway, the chart command is the solution for your need; now you only have to find the correct main search to get as results only the events matching your conditions.

If you haven't much practice with SPL, I suggest following the Splunk Search Tutorial (https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchTutorial/WelcometotheSearchTutorial), which teaches you how to use SPL.

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉
