Hi,
I am looking for a search command for generating a typical graph with multiple fields as below.
CSV File has the following data.
IPAddress | Severity |
192.168.1.4 | Low |
192.168.1.5 | High |
192.168.1.6 | Medium |
192.168.1.4 | High |
192.168.1.4 | Medium |
192.168.1.5 | Low |
192.168.1.5 | Low |
192.168.1.6 | High |
192.168.1.6 | Low |
Looking to see the data in a Splunk visualization similar to the following graph.
The graph is plotted using Excel for the above CSV table. I am looking for a search command to visualize the data similar to the above graph.
Appreciate your inputs.
~Arjun
Hi @amgsplunk,
the chart command is the solution for your requirement, please try something like this:
your_search
| chart count OVER Severity BY IPAddress
For more details, see https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Chart.
Ciao and Happy Easter.
Giuseppe
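A run-anywhere version of the search above, added here as an example and not part of the original replies. It rebuilds the nine rows from the question's CSV with makeresults (the field names raw and order are assumptions used only for this illustration), applies the same chart command, and then sorts the result so the rows read Low, Medium, High.

```spl
| makeresults
| eval raw="192.168.1.4,Low 192.168.1.5,High 192.168.1.6,Medium 192.168.1.4,High 192.168.1.4,Medium 192.168.1.5,Low 192.168.1.5,Low 192.168.1.6,High 192.168.1.6,Low"
| makemv delim=" " raw
| mvexpand raw
| rex field=raw "^(?<IPAddress>[^,]+),(?<Severity>.+)$"
| chart count OVER Severity BY IPAddress
| eval order=case(Severity="Low", 1, Severity="Medium", 2, Severity="High", 3)
| sort order
| fields - order
```

On the Visualization tab, a column chart of this result puts Severity on the x-axis with one series per IPAddress; swapping the two field names in the chart command puts IPAddress on the x-axis instead.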
Hi Giuseppe,
Thank you very much for the quick response. Will you be able to provide me sample search commands based on various scenarios for quick learning purposes?
Informal notes will do.
Hi @amgsplunk,
good for you,
I cannot help you with the search definition because I don't know your data; you should share some sample data. Anyway, the chart command is the solution for your need; now you only have to find the correct main search to have as results only the events matching your conditions.
If you haven't much practice with SPL, I suggest following the Splunk Search Tutorial (https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchTutorial/WelcometotheSearchTutorial), which teaches you how to use SPL.
Ciao and happy splunking.
Giuseppe
P.S.: Karma Points are appreciated 😉