I would like to create a graph that would show values compared from an initial source.
Here's an example:
[file1.txt's content] value1,name1 value1,name2 value1,name3 value2,name1 value2,name2 value2,name3 value3,name1 value3,name2 value3,name3
[file2.txt's content] value1,name1 value1,name2 value2,name2 value2,name3 value3,name2 value3,name3
[file3.txt's content] value1,name2 value2,name2
I would like to show on a bar/line graph the number per value.
the number per value
index=your_index_naume source=file*.txt | chart count as numbers by value
or
index=your_index_naume source=file*.txt | eval number=value|chart c(number) as numbers by value
after search you select a bar/line graph.
I'm not sure I understand, but assuming you've defined for each source/sourcetype fields named value
and name
for each respective column in the data, seems like one of the following:
source=file*.txt | chart count(name) by value
source=file*.txt | chart distinct_count(name) by value
source=file*.txt | chart count by name,value
would do it.
The chart command will take the N values of the 'value' field and create N new columns in the results for them. the stats command will instead give one 3-cell row for each unique combination.
Bottom line: if it turns out you want a table that has 3 columns: name, value, and count, then you'd want
stats count by name, value