Solved: Grouping values in ranges and creating multiple fr...

sushmitha_mj · ‎05-28-2015

I want to group usage into ranges like
0-1,
1-10,
10-50 ,
50-100,
100 +
and display a bar chart with count against each of the band.
For example: 0-1 50 users, 1-10 100 users and so on...

Here is the query:

| pivot Accounting Accounting sum(Input) AS "Inp" SPLITROW _time AS _time PERIOD hour | eval tot_d=round(Inp/10,2) | stats sum(tot_d) as "Usage"

Thanks in Advance.

woodcock · ‎05-28-2015

You need the rangemap command:

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Rangemap

View solution in original post

woodcock · ‎05-28-2015

You need the rangemap command:

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Rangemap

sushmitha_mj · ‎05-28-2015

I tried that, but I have to give attribute name for rangemap. I do not want to classify frequency as high low or red and green. I just want to have a flexible frequency range and count against each frequency range. Could you please give me an example of how I can do this with rangemap.

Thanks.....

woodcock · ‎05-28-2015

Try this:

... | pivot Accounting Accounting sum(Input) AS "Inp" SPLITROW _time AS _time PERIOD hour | eval tot_d=round(Inp/10,2) | stats sum(tot_d) as "Usage" | rangemap field=Usage Zero=0- OneToTen=1-10 ElevenToTwenty=11-20 | stats count by range

You can also do this with the bucket command, which is more complicated and is more limited (because you have to set your ranges on a regular mathematical progression of ranges, not an arbitrary one like you appear to have).

sushmitha_mj · ‎05-28-2015

@woodcock
Works!! Awesome.. Thanks..

Grouping values in ranges and creating multiple frequency bands

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life