Splunk Search

Expanded stacked column chart

tmortiboy
New Member

Is it possible to create a column chart that is stacked, but where each part of the stack still occupies its own column?

As Image below:

alt text

0 Karma
1 Solution

HiroshiSatoh
Champion

This is an idea.

Change the color of the bar
subtotal->White

<Search>

...|stats count by method|eval subtotal=count| accum subtotal|eval subtotal=subtotal-count|sort - method

<XML>

<option name="charting.legend.labels">[count,subtotal]</option>
<option name="charting.seriesColors">[0xFF0000,0xFFFFFF]</option>

alt text

View solution in original post

0 Karma

@tmortiboy, I have created Waterfall visualization using D3 and Splunk's Custom Visualization API. Please check it out whether it fits the need: https://splunkbase.splunk.com/app/3669/

PS: I currently have not implemented the following:
1) Tooltip (currently static label can be displayed)
2) Drilldown
3) Dynamic size (it is manual based on chart height/width right now)
4) Negative axis (can be implemented only after dynamic size is in place)

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

cmerriman
Super Champion

if you're comfortable creating a custom viz, you might be able to use this as a starter:
https://www.highcharts.com/demo/waterfall/grid-light

also this app has a waterfall viz, but the last supported version is 6.4
https://splunkbase.splunk.com/app/2856/

0 Karma

HiroshiSatoh
Champion

This is an idea.

Change the color of the bar
subtotal->White

<Search>

...|stats count by method|eval subtotal=count| accum subtotal|eval subtotal=subtotal-count|sort - method

<XML>

<option name="charting.legend.labels">[count,subtotal]</option>
<option name="charting.seriesColors">[0xFF0000,0xFFFFFF]</option>

alt text

0 Karma

tmortiboy
New Member

I had thought of this, but the subtotals can still be hovered over, which is less than ideal.
Unless you know how you can disable the hover for this value?

0 Karma

tmortiboy
New Member

I ended up using this method, but it still feels a little hacky.

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...