Dashboards & Visualizations

category chart for discrete data set

rotten
Communicator

I have a field with a small set of possible text values.

I'd like to plot the value of that field over time.

As a first pass I used eval to convert the text values to numerical values. Then I was messing around with changing the labels when I saw on this documentation page: http://www.splunk.com/base/Documentation/4.1.7/Developer/CustomChartingConfig-AxisGrid#categoryaxes

That there was a "category" chart type. I'm curious how that sort of chart works and if I can use it to graph a string-state value.

eg:

Y-Axis values:

  • red
  • amber
  • yellow
  • green

X-Axis values:

  • timestamps

I gave it a try, but it didn't seem to work. Does it work this way? Am I reading too much into the option?

Tags (1)

dolivasoh
Contributor

Sounds like you're trying to chart OVER distinct values, use something like this.  | chart max(delay) over foo by bar

0 Karma

rotten
Communicator

Also I have another one that is either True or False. I'd like to be able to plot a square wave for the data toggling back and forth, and I'd like it to be obvious that a "0" is 'true' and a "1" is 'false'.

0 Karma

rotten
Communicator

The way I was doing it with eval, green = 0, yellow = 1, amber = 2, red = 3. Then I was timecharting max(color) for the timespan bins. However the y-axis was labeled with numbers and I'd rather have the color names there. So I was hoping I could use a category chart and skip the eval step, and graph every event (rather than bucketing the events in windows). The events aren't very frequent, so my data density is low.

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

Not sure I understand what the y-axis is. how would you chart "red" on an axis and distinguish it from "green". Is there a corresponding number or range that means "red", or do you want to chart the count of "red" values, "green" values, etc.?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...