Splunk Search

Plot Scatter Chart based on Time


I need to plot a scatter/line chart using the below data:

Time                TransID Duration    TransStatus
10/15/2014 2:06 AM  12101   10.811      Complete
10/15/2014 4:35 AM  13102   20.703      Failed
10/15/2014 6:51 AM  17103   34.712      Incomplete

I need to plot all the values with:

X-Axis - Time

Y-Axis - Duration

Marker Color - Based on TransStatus (say Green for Completed Transactions, Red for Failed Transactions, etc.)

Marker Tooltip on mouse-over will display the TransID and a few other details related to the transaction, say transaction amount, etc.

timechart doesn't help me, as I need to plot all the values in the table.

I have tried table, stats, xyseries combo and chart - however I couldn't get it right.

I am new to D3 viz and planning to try that to get this done.

Could someone help me with how to achieve this?


I haven't found anything better than that:

|eval time=_time|table time Duration

Then you need to select scatter in the graph options.

But the times are in epoch.

I think it's a shame that Splunk cannot do that.
