Solved: Alias names in chart

adityapavan18 · ‎11-01-2011

Hi

I have a bar chart (productID's mapped onto number of events).

productId's are the product codes(numbers) retrived from a field called ProID

like ProID = 1234 count = 3
ProID = 1789 count = 4

and every ProID is mapped to a Productname but not present in logs

I used (* | top ProID) by bar chart

Using basic chart diagrams i am able to build a chart where they show proper results.

My question is , Is ther any way to show ProductName instead of ProductId in the chart , i mean alias name for codes in chart

Eventhough the chart shows ProID by count, i need to show it by proName to count

lguinn2 · ‎11-01-2011

I suggest that you consider using a Lookup to retrieve the product names. You can tell Splunk to lookup a ProductName based on the ProID.

Take a look at the Lookup section in the Knowledge Management manual here

You could either build a CSV (comma separated values) file of ProID and ProductName, or you could write a script that looks up the product names.

Finally, there are lots of questions and answers about lookups in this forum, so look here if you have more questions later!

lguinn2 · ‎11-01-2011

I suggest that you consider using a Lookup to retrieve the product names. You can tell Splunk to lookup a ProductName based on the ProID.

Take a look at the Lookup section in the Knowledge Management manual here

You could either build a CSV (comma separated values) file of ProID and ProductName, or you could write a script that looks up the product names.

Finally, there are lots of questions and answers about lookups in this forum, so look here if you have more questions later!

Alias names in chart