Solved: Creating a Stacked Graph (Area but coloured like b...

AccentureQBETA · ‎08-15-2012

I have the following search:

index="cms_test_1" [|inputlookup Stacked_Worse12.csv | rename FullURL as cs_uri | fields + cs_uri] sc_status=200 time<19:00:00.000 time>=07:00:00:.000 | fields  cs_uri, date | stats count by date, cs_uri

Which gives me a list of Dates, cs_uri's and their count, I would like to make a stacked graph out of this. So the legend would be the cs_uri's, X-Axis will be Dates, Y-Axis will be Count.

I've tired looking into timechart, I think I can use this, span=d, count(uri), but It does full counts for the day so far..
Example Table (Pivot Table, Excel):

Date	cs_uri1	cs_uri2	cs_uri2
11/08/2012	6	3	5
12/08/2012	7	1	4
13/08/2012	4	6	8

But I can't get timechart to work and I can't get a stacked graph looking how I would like.. Using the above data, I expect to see, 3 dates across the bottom, for each date, 3 series (values, stacked, whith different colours) either in bar form or even better as a continues area graph.

The csv inputlookup contains a list of cs_uri's i;m filtering on.

AccentureQBETA · ‎08-15-2012

Works great.

I don't know why I couldn't get it to work before 😄

View solution in original post

AccentureQBETA · ‎08-15-2012

Works great.

I don't know why I couldn't get it to work before 😄

Ayn · ‎08-15-2012

What's not working with timechart count by uri and choosing stacked mode in your chart?

Creating a Stacked Graph (Area but coloured like bar)

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life