Solved: Search Syntax graph: Two dimensional single meas...

gunderjt · ‎03-30-2013

Sorry to bother everyone with what may end up being a very simple question but I've been pulling out my hair trying to figure out the syntax on this.

Suppose each event has two fields: ID and Action

ID,Action

1,Inject

1,Retrieve

2,Serve

3,Inject

....and so on.

I would like to know how to create a graph that looks a little like this shoddily made paint image.

Obviously the colors, positions, and labels don't matter I'm just interested in the syntax that can create a similar graph so I can tweak it from there.

Any help whatsoever would be greatly appreciated,

JTG

eashwar · ‎03-30-2013

Hello brother,

use the below search command and the chart formatting options,

| chart count over ID by Action

as a result of this you will get a table view, you have to do the charting stuff manually and save it.

go to the chart formatting options,
Chart type is BAR

then you have to select stacked mode

Stack mode is 100% STACKED

happy splunking brother,

if this helped you dont forget to vote,

yours,

eashwar raghunathan

View solution in original post

eashwar · ‎03-30-2013

Hello brother,

use the below search command and the chart formatting options,

| chart count over ID by Action

as a result of this you will get a table view, you have to do the charting stuff manually and save it.

go to the chart formatting options,
Chart type is BAR

then you have to select stacked mode

Stack mode is 100% STACKED

happy splunking brother,

if this helped you dont forget to vote,

yours,

eashwar raghunathan

gunderjt · ‎03-30-2013

That did it! Thanks a lot

Search Syntax graph: Two dimensional single measurement chart

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms