I want to set up a Bar graph that displays more than just the count and 1 field (only when hovering over it). For example I use:
search | stats count by Risk
This shows me the risks I have for each event.
I use this search to see results for High medium and low risks for servers with vulnerabilities.
However if I use:
search | stats count by Risk, Servers
The bar graph looks really small and almost impossible to read since it's displaying all servers and risks.
How do I set it up so it displays just the risks on the actual graph BUT also shows me the servers if I hover over my mouse to that specific bar?
@jrevolorio, Try to use the following query and create a stacked chart by editing from UI ... Format > General > Stacked Mode --> stacked
or setting the following in Simple XML
<option name="charting.chart.stackMode">stacked</option>
Following are two versions of SPLs you can try
1) Sets servers as legend and give count of Risks as stacked chart.
<YourBaseSearch>
| chart count over Risk by Servers
2) Sets Risks as legend and give count of Servers for each Risk type as stacked chart.
<YourBaseSearch>
| chart count over Risk by Servers
@jrevolorio, Try to use the following query and create a stacked chart by editing from UI ... Format > General > Stacked Mode --> stacked
or setting the following in Simple XML
<option name="charting.chart.stackMode">stacked</option>
Following are two versions of SPLs you can try
1) Sets servers as legend and give count of Risks as stacked chart.
<YourBaseSearch>
| chart count over Risk by Servers
2) Sets Risks as legend and give count of Servers for each Risk type as stacked chart.
<YourBaseSearch>
| chart count over Risk by Servers
AFAIK, there is no way to do that. But you could set up a custom drilldown such that when you click on a bar, another panel displays that shows the details.
You can see examples of this if you download the Splunk 6 Dashboards Examples app, which will also show you the code.
Or you can just look it up in the Dashboards and Visualizations manual (which I think is more work and less fun.) I have the app installed on my laptop, just so I can use it to figure out how to do cool stuff like this (and much more).