Splunk Search

Example of a bubble chart

raoul
Path Finder

Is there an example of the correct xml syntax to use to define a bubble chart in a dashboard? I cannot find one in the manuals.

Tags (2)
1 Solution

raoul
Path Finder

Managed to puzzle it out, here is my example:

    <chart>
      <searchString>
sourcetype="transactions"  
  | bucket _time span=1h
  | stats count(eval(Rsp!="00")) as declines, count by _time, Region
  | eval pct=round((declines/count) * 100, 2)
  | table Region, _time, pct, declines
      </searchString>
      <title>Percentage declines by Region, last 48h</title>
      <earliestTime>-48h@h</earliestTime>
      <latestTime>now</latestTime>
      <option name="charting.chart">bubble</option>
    </chart>

View solution in original post

woodcock
Esteemed Legend
0 Karma

raoul
Path Finder

Managed to puzzle it out, here is my example:

    <chart>
      <searchString>
sourcetype="transactions"  
  | bucket _time span=1h
  | stats count(eval(Rsp!="00")) as declines, count by _time, Region
  | eval pct=round((declines/count) * 100, 2)
  | table Region, _time, pct, declines
      </searchString>
      <title>Percentage declines by Region, last 48h</title>
      <earliestTime>-48h@h</earliestTime>
      <latestTime>now</latestTime>
      <option name="charting.chart">bubble</option>
    </chart>

renuka13
Explorer



sourcetype="E:\New Folder\voice_cdr_1mil.csv" NOT "CallingCellID" TerminationReason!=1 |
|bucket TimeStamp span=5h|
eval Base_Transceiver_Station_Code=substr(CallingCellID,11,4) |
join Base_Transceiver_Station_Code [search source="E:\New Folder\BTS_Information2.txt"] |
table TERRITORY,TimeStamp,TerminationReason

bubble

i am joining two files here and the result i need as bubble chart but i am not getting any output .. is this code is correct? please help me out

0 Karma
Get Updates on the Splunk Community!

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...