Hi there,
Per the attached picture, I just put this data in Excel and got this chart out. However, I was not able to get this into Splunk. Visualization does not show me anything. Obviously, I am missing something. Please advise.
Here's the query I'm running, which generates the same results:
SELECT
TRUNC(CREATION_DATE_TIME),
COUNT(1) TOTAL_PROCESSES,
COUNT( distinct PROVIDER_name ) DISTINCT_PROVIDERS,
SUM(CASE WHEN FLAG = 'O' THEN 1 END ) OUTGOING,
SUM(CASE WHEN FLAG = 'I' THEN 1 END ) INCOMING,
FROM
GROUP BY TRUNC(CREATION_DATE_TIME)
Here's what I am running in Splunk:
index="MyIndex" sourcetype="MySourceType" source="MySource"
| eval x_out=if((FLAG=="O"),1,0), x_in=if((FLAG=="I"),1,0)
| convert ctime(creation_date_time) as cdt timeformat=%m/%d/%y
| timechart span=7d dc(provider_name) by cdt
| stats sum(x_out) as Outbound sum(x_in) as Inbound dc(provider_name) as Providers