Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Need a Dashboard To show past 3 days web hits by each site and total for each day. I need output like below.

a527572
New Member
‎08-04-2016 08:25 AM

Query using :
earliest=-3d@d latest=@d index=xyz host=l*xyz* source"xyz" | eval weekday=strftime(_time, "%b %d, %A ") | chart count(JVM) over JVM by weekday|sort weekday | join JVM [ search earliest=-3d@d latest=@d index=xyz host=l*xyz* source"xyz" | chart count(JVM) over JVM by host ]

with the Query I am using getting results like below.

Tags (1)
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎08-04-2016 10:59 AM

The column merge (like excel) is not possible in Splunk. Give this workaround a try

earliest=-3d@d latest=@d index=xyz host=l*xyz* source"xyz" | eval weekday=strftime(_time, "%b %d, %A") | stats count(JVM) as count by JVM weekday host | appendpipe [| stats sum(count) as count by JVM weekday | eval host="Total"] | eval weekday=weekday.":".host
| chart sum(count) over JVM by weekday limit=0

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎08-04-2016 10:59 AM

The column merge (like excel) is not possible in Splunk. Give this workaround a try

earliest=-3d@d latest=@d index=xyz host=l*xyz* source"xyz" | eval weekday=strftime(_time, "%b %d, %A") | stats count(JVM) as count by JVM weekday host | appendpipe [| stats sum(count) as count by JVM weekday | eval host="Total"] | eval weekday=weekday.":".host
| chart sum(count) over JVM by weekday limit=0
0 Karma
Reply
Solved! Jump to solution

a527572
New Member
‎08-04-2016 11:33 AM

Thanks for the reply... I am completely new to splunk. can you explain me how to build a dashboard for the following.
• To show 24 hrs web hits report by each Host + Total
• To show past 3 days web hits by each Host and total for each day
• To show past 7 days web hits for each JVM (total only). (Not Host specific).

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎08-04-2016 11:44 AM

Give these a try

• To show 24 hrs web hits report by each Host + Total 

index=xyz host=l*xyz* source"xyz" earliest=-24h | stats count by host | eventstats sum(count) as Total

• To show past 3 days web hits by each Host and total for each day

earliest=-3d@d latest=@d index=xyz host=l*xyz* source"xyz" | eval weekday=strftime(_time, "%b %d, %A") | chart count over host by weekday

• To show past 7 days web hits for each JVM (total only). (Not Host specific).

 earliest=-7d@d latest=@d index=xyz host=l*xyz* source"xyz" | eval weekday=strftime(_time, "%b %d, %A") | chart count over JVM by weekday
0 Karma
Reply
Solved! Jump to solution

sundareshr
Legend
‎08-04-2016 10:07 AM

I think the closest you can come to that is as shown in this run anywhere sample. I am not aware of any way to merge cells they way you have it in your mock-up

index=_internal bytes=* earliest=-1d@d | eval wkday=strftime(_time, "%a") | eval sourcetype=wkday."#".sourcetype | chart min(bytes) as b over source by sourcetype
0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...