Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Create a triple stacked bar chart that has one column per day

SimonR2018
New Member
‎07-14-2019 08:47 PM

Hello All,

I am having difficulty in creating a triple stacked bar chart that has is displayed per day for time series

I have 3 fields in accountDetails.channel consisting of 'iPhone, web, android' i.e
ANDROID 63
IPHONE 232
WEB 45

and what I want is to create a single column with each of these fields and values per day and then create a time series for the columns values for the previous X days

spath event | search event="account:create:account:success"|dedup accountDetails.accountId | bin _time span=1d as day | convert timeformat="%Y-%m-%d" ctime(day) AS MYDay | chart count AS MYDAY by accountDetails.channel

unfortunately while i can create a single bar with the total number of accounts created I can not stack the bar per X days

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
Legend
‎07-14-2019 11:21 PM

@SimonR2018,

Try

spath event | search event="account:create:account:success"|dedup accountDetails.accountId 
| bin _time span=1d as day | convert timeformat="%Y-%m-%d" ctime(day) AS MYDay 
| chart count  over MYDay by accountDetails.channel
---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

renjith_nair
Legend
‎07-14-2019 11:21 PM

@SimonR2018,

Try

spath event | search event="account:create:account:success"|dedup accountDetails.accountId 
| bin _time span=1d as day | convert timeformat="%Y-%m-%d" ctime(day) AS MYDay 
| chart count  over MYDay by accountDetails.channel
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Solved! Jump to solution

SimonR2018
New Member
‎07-15-2019 04:45 PM

Thank you very much, working as requested

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Spotlight: The Splunk Health Assistant Add-On  The Splunk Health Assistant Add-On is your ultimate companion ...

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team on ...