Reputation: 655
How can one create a chart / report in Splunk which has many series? Is it possible?
I would like to create a report / line chart in Splunk which shows mulitple series of data points for weekly loads. Below is a simple example in a spreadsheet, but I am having difficulty finding if this is even possible in Splunk and if so, how it could be implemented. I am using
"| dbquery mydatabaseconn "Select load_date, source, sum(transactions) from mytable group by load_date, source "
as my Search.
Upvotes: 0
Views: 592
Answers (1)
Reputation: 12756
This should be possible in Splunk. From the documentation chapter Data structure requirements for visualizations:
Column, line, and area charts are two-dimensional charts supporting one or more series. They plot data on a Cartesian coordinate system, working from tables that have at least two columns. In tables for column, line, and area charts, the first column contains x-axis values and subsequent columns contain y-axis values (each column represents a series).
So your data will need to look something like:
2015-10-01, 25, 17
2015-10-01, 50, 45
etc.
where column 2 represents "Source 1" and column 3 represents "Source 2".
Upvotes: 2
Related Questions
- Splunk how to display multiple stats queries in table?
- Splunk charts series with multiple sections
- Splunk: Combining multiple chart queries to get a single table
- Create Splunk Chart/Table with start and end logs to check Success/Failures
- How Can I Generate A Visualisation with Multiple Data Series In Splunk
- How to visualize splunk events as column chart
- How to Cluster and create a timechart in splunk
- Is it possible to make a dynamic splunk dashboard?
- SPLUNK multi-value chart
- Splunk - chart 2 time periods on 1 report