Solved: Help with creating a graph

jmac8994 · ‎06-23-2016

So this may be an easy question, but I am new at using splunk and I am trying to create a graph for the number of licences counted for the day. Currently we have a log that comes in formatted like this:

count_active_ip[13109]: licensed usage ok: licensed: 150 counted v4: 63 counted v6: 0

What I would like to do is take the V4 aspect( so in this case 63) and would like to make that in a bar graph over the next 7 days so it shows fluctuation within the week. Is there any possible way to do that? I am not sure what exactly I would put in to get the visualization to work properly.

Thank you

woodcock · ‎06-23-2016

Like this:

... | rex "licensed usage\s+(?<LicenseStatus>[^:]+):\s+licensed:\s+(?<LicenseLimit>\d+)\s+counted v4:\s+(?<LicenseCountedV4>\d+)\s+counted v6:\s+(?<LicenseCountedV6>\d+)" | timechart span=1h avg(LicenseCountedV4)

View solution in original post

woodcock · ‎06-23-2016

Like this:

... | rex "licensed usage\s+(?<LicenseStatus>[^:]+):\s+licensed:\s+(?<LicenseLimit>\d+)\s+counted v4:\s+(?<LicenseCountedV4>\d+)\s+counted v6:\s+(?<LicenseCountedV6>\d+)" | timechart span=1h avg(LicenseCountedV4)

Help with creating a graph

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio