Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Need a Dashboard To show past 3 days web hits by each site and total for each day. I need output like below.

a527572
New Member
‎08-04-2016 08:25 AM

Query using :
earliest=-3d@d latest=@d index=xyz host=l*xyz* source"xyz" | eval weekday=strftime(_time, "%b %d, %A ") | chart count(JVM) over JVM by weekday|sort weekday | join JVM [ search earliest=-3d@d latest=@d index=xyz host=l*xyz* source"xyz" | chart count(JVM) over JVM by host ]

with the Query I am using getting results like below.

Tags (1)
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎08-04-2016 10:59 AM

The column merge (like excel) is not possible in Splunk. Give this workaround a try

earliest=-3d@d latest=@d index=xyz host=l*xyz* source"xyz" | eval weekday=strftime(_time, "%b %d, %A") | stats count(JVM) as count by JVM weekday host | appendpipe [| stats sum(count) as count by JVM weekday | eval host="Total"] | eval weekday=weekday.":".host
| chart sum(count) over JVM by weekday limit=0

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎08-04-2016 10:59 AM

The column merge (like excel) is not possible in Splunk. Give this workaround a try

earliest=-3d@d latest=@d index=xyz host=l*xyz* source"xyz" | eval weekday=strftime(_time, "%b %d, %A") | stats count(JVM) as count by JVM weekday host | appendpipe [| stats sum(count) as count by JVM weekday | eval host="Total"] | eval weekday=weekday.":".host
| chart sum(count) over JVM by weekday limit=0
0 Karma
Reply
Solved! Jump to solution

a527572
New Member
‎08-04-2016 11:33 AM

Thanks for the reply... I am completely new to splunk. can you explain me how to build a dashboard for the following.
• To show 24 hrs web hits report by each Host + Total
• To show past 3 days web hits by each Host and total for each day
• To show past 7 days web hits for each JVM (total only). (Not Host specific).

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎08-04-2016 11:44 AM

Give these a try

• To show 24 hrs web hits report by each Host + Total 

index=xyz host=l*xyz* source"xyz" earliest=-24h | stats count by host | eventstats sum(count) as Total

• To show past 3 days web hits by each Host and total for each day

earliest=-3d@d latest=@d index=xyz host=l*xyz* source"xyz" | eval weekday=strftime(_time, "%b %d, %A") | chart count over host by weekday

• To show past 7 days web hits for each JVM (total only). (Not Host specific).

 earliest=-7d@d latest=@d index=xyz host=l*xyz* source"xyz" | eval weekday=strftime(_time, "%b %d, %A") | chart count over JVM by weekday
0 Karma
Reply
Solved! Jump to solution

sundareshr
Legend
‎08-04-2016 10:07 AM

I think the closest you can come to that is as shown in this run anywhere sample. I am not aware of any way to merge cells they way you have it in your mock-up

index=_internal bytes=* earliest=-1d@d | eval wkday=strftime(_time, "%a") | eval sourcetype=wkday."#".sourcetype | chart min(bytes) as b over source by sourcetype
0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...