Splunk Enterprise

Looking for a search command to generate a typical graph with multiple fields

amgsplunk
Explorer

Hi,

I am looking for a search command for generating a typical graph with multiple fields as below.

CSV File has the following data.

IPAddress Severity
192.168.1.4 Low
192.168.1.5 High
192.168.1.6 Medium
192.168.1.4 High
192.168.1.4 Medium
192.168.1.5 Low
192.168.1.5 Low
192.168.1.6 High
192.168.1.6 Low


Looking to see the data in splunk visualization similar to the following graph.

[attached image: amgsplunk_0-1650252536877.png, the Excel chart of the table above]

The graph is plotted using Excel for the above CSV table. I am looking for a search command to visualize the data similar to the above graph.

Appreciate your inputs.

~Arjun

1 Solution

gcusello
Legend

Hi @amgsplunk,

the chart command is the solution for your requirement, please try something like this:

your_search
| chart count OVER Severity BY IPAddress

for more details see https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Chart.

Ciao and Happy Easter.

Giuseppe

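To make the OVER/BY semantics of the accepted answer concrete, here is an added Python script (not from the thread or from Splunk) that computes the same pivot table `| chart count OVER Severity BY IPAddress` produces from the question's CSV, and the flipped form `OVER IPAddress BY Severity` as well. The CSV is the sample from the question, embedded inline; the function names are my own.

```python
import csv
import io
from collections import Counter

# Constructed sample input: the CSV from the question, embedded so the script runs offline.
SAMPLE_CSV = """IPAddress,Severity
192.168.1.4,Low
192.168.1.5,High
192.168.1.6,Medium
192.168.1.4,High
192.168.1.4,Medium
192.168.1.5,Low
192.168.1.5,Low
192.168.1.6,High
192.168.1.6,Low
"""

def load_rows(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))

def chart_count(rows, over, by):
    """Emulate `| chart count OVER <over> BY <by>`.

    OVER names the field whose values become rows (the chart's x-axis);
    BY names the field whose values become columns (one series per value).
    Returns the sorted column names and table[row_value][col_value] -> count.
    Missing combinations are filled with 0, as Splunk's chart does for count.
    """
    counts = Counter((r[over], r[by]) for r in rows)
    row_keys = sorted({over_val for over_val, _ in counts})
    col_keys = sorted({by_val for _, by_val in counts})
    table = {rk: {ck: counts.get((rk, ck), 0) for ck in col_keys} for rk in row_keys}
    return col_keys, table

def render(over, col_keys, table):
    """Return the pivot as tab-separated lines, laid out like the Splunk Statistics tab."""
    lines = ["\t".join([over] + col_keys)]
    for rk, cells in table.items():
        lines.append("\t".join([rk] + [str(cells[ck]) for ck in col_keys]))
    return lines

if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    # Same data, both orientations: swapping OVER and BY flips rows and columns.
    for over, by in (("Severity", "IPAddress"), ("IPAddress", "Severity")):
        cols, table = chart_count(rows, over, by)
        print(f"| chart count OVER {over} BY {by}")
        print("\n".join(render(over, cols, table)), end="\n\n")
```

One caveat for real data: Splunk's chart keeps only the ten most common BY values by default (limit=10) and folds the rest into an OTHER column, so with many distinct IP addresses add `limit=0` (or a higher limit) to the chart command to see every address.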

amgsplunk
Explorer

Hi Giuseppe,

Thank you very much for the quick response. Will you be able to provide me sample search commands based on various scenarios for quick learning purposes?

Informal notes will do.


gcusello
Legend

Hi @amgsplunk,

good for you,

I cannot help you with the search definition because I don't know your data; you should share some sample data. Anyway, the chart command is the solution for your need; now you only have to find the correct main search so that the results contain only the events matching your conditions.

If you don't have much practice with SPL, I suggest following the Splunk Search Tutorial (https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchTutorial/WelcometotheSearchTutorial), which teaches you how to use SPL.

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉
