Solved: Show description in legend instead of numbers

freephoneid · ‎02-21-2012

Hi,

My log snippet is as shown below:

productid=12 email=abc@gg.com
productid=13 email=pqr@aa.com
productid=14 email=xyz@cc.com

I've a timechart with below query:

index=myindex sourcetype=mylog | timechart count by productid

Now this chart shows line properly but the legend are shown with product id & its difficult to interpret those product ids via numbers.

Since there are 3 products here, it shows 3 lines with these product ids. Is there any way to show the legend as Product Name instead of product id in the right side of panel?

So, if I want to show "Product1" for 12 & "Product2" for 13 & "Product3" for 14 in the legends, how can I do that?

Any help is much appreciated!

Thanks!

imrago · ‎02-22-2012

index=myindex sourcetype=mylog | eval productname=case(productid==12,"Product1",productid==13,"Product2",productid==14,"Product3")| timechart count by productname

View solution in original post

imrago · ‎02-22-2012

index=myindex sourcetype=mylog | eval productname=case(productid==12,"Product1",productid==13,"Product2",productid==14,"Product3")| timechart count by productname

MarioM · ‎02-22-2012

the best way would be a csv fields lookup

ex:
productid,productname

12,product12

13,product13

...

then your chart would be:

index=myindex sourcetype=mylog | timechart count by productname

Show description in legend instead of numbers

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor