Reputation: 1265
bar chart based on field values
An application is generating the performance log file with the following event format:
datetime sessionid requestid userid invocationTime type invocationContext
For Example:
2016-07-22T23:12:50.223 000025b98d67ed Jqpmkt1_ZVMpfmwpPeCKQIs ABCD1234 28 HTTP /mytool/samplecontext
I want to draw a bar chart for a given invocationContext. The bar chart should have number of hits as the bar height and invocationTime buckets as different bars. For example: I want to answer the following questions:
- How many hits for /mytool/samplecontext within last 4 hours had the invocationTime within 0-1000 ms.
- How many hits for /mytool/samplecontext within last 4 hours had the invocationTime within 1001-2000 ms.
And so on. Please suggest how this can be achieved. I have tried to use timechart and I can get charts based on a particular field, but I am not able to group the events in in different buckets based on a field value.
Upvotes: 2
Views: 1026
Answers (1)
Reputation: 159
There's 2 ways i've done this in the past
Rangemap
https://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/RangemapRounding (I find it presents nicer)
search ... | eval bin=round(invocationTime/1000,0) | chart count by bin invocationContext | makecontinuous bin
Upvotes: 1
Related Questions
- Splunk create Pie chart from JSON map
- Splunk - display top values for only certain fields
- Splunk charts series with multiple sections
- How to histogram a numeric variable?
- Splunk extract all values from array field
- How to convert "OR" result to line chart
- SPLUNK multi-value chart
- How to chart a search that returns event with multiple facets that have a name/result pair in Splunk
- How can one create a chart / report in Splunk which has many series? Is it possible?
- Splunk create chart of value of one field ordered by another