cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
sprayer122
Engager
Member since: ‎12-25-2018
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎12-25-2018
Activity Feed
View All

How do you convert thousands to K in a column char...

by in Splunk ITSI
‎01-21-2019 08:29 AM
‎01-21-2019 08:29 AM
Hi everyone, I'm trying to make a column chart where I want to display the values with the K notation when the number is greater than 1000 please. Basically, I have a query that returns a table with two columns : month and number of events. I've figured out how to create a column with the K notation by doing this : ... | timechart span=1mon count | eval k = round(count/1000, 1) | eval k_final = tostring(k)."K" | rename k_final as "Dossiers terminés" | fields - _span k k_final | table mois_fr "Dossiers terminés" k_final The problem is that it is not possible to create a chart from string values... Has anybody got a solution please ? Thanks in advance ... View more

How do I create a stacked column chart from event ...

by in Splunk Search
‎12-25-2018 03:49 PM
‎12-25-2018 03:49 PM
Hi everybody, I have some event data that looks like the tutorial data which you can find here : https://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/GetthetutorialdataintoSplunk My data represents logs of some software that tracks the progress of customer incident cases. In this data, you have multiple fields like time (format dd/mm/YYYY hh:mm:ss), current state (like 'open'/'in progress'/'closed'), id of the case. Basically, what I want to do is to make a timechart of the number of cases that have been closed per month and to display the information of the maturity of the cases in the system like "cases that are in the system since more than 30 days" / "cases that are in the system since 15 and 30 days" etc. As I'm pretty new to Splunk, I can't figure out how to write the right query, so could you help me please ? At the moment I've got something like that : index=myindex sourcetype=* current_state="closed" | timechart count by id_case But that's pretty far from what I want to do... Thanks in advance, Regards, ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All