- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- How can I get the chart to display more informatio...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have the following search:
..... | search EnterPlace | bucket _time span=7day
| stats dc(user_id) as unique_visitors by _time, world_name
| top unique_visitors, world_name limit=5 by _time
| fields _time, unique_visitors, world_name
| sort _time, -unique_visitors, world_name
The table will correctly return the results for: \ _time unique_visitors world_name
When I click on the Results chart icon, the chart comes up with columns for unique_user_visits. the date is on the x-axis. However, when I hover over the points on the chart, I don't see the value for the place_name. Is there anyway to have the chart present that information as well, in one way or another? WIthout that information, the chart is useless! We want to see the top places charted (the name of the place and the number of visitors to that place) by week
Many thanks in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A chart with time expects a particular setup of columns.
- the first column has to be the time (_time)
- any other columns has to be from the same format (numeric) and the name of the columns will be the name of the serie.
example :
_time fieldA fieldB ... fieldZ
9/19/12 12:00:00.000 AM valueA valueB ... valueZ
9/12/12 12:00:00.000 AM valueotherA valueothervalueB ... myothervalueZ
Instead your search present the results as:
_time unique_visitors world_name
(as the top and stats generate them)
One solution is to use the chart command at the very end to change the setup of the columns.
..... | search EnterPlace | bucket _time span=7day | stats dc(user_id) as unique_visitors by _time, world_name | top unique_visitors, world_name limit=5 by _time | chart values(unique_visitors) over _time by world_name
Another solution is to replace the whole stats by a timechart span=7d ... by world_name
but it will not be compatible with the top you apply after.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A chart with time expects a particular setup of columns.
- the first column has to be the time (_time)
- any other columns has to be from the same format (numeric) and the name of the columns will be the name of the serie.
example :
_time fieldA fieldB ... fieldZ
9/19/12 12:00:00.000 AM valueA valueB ... valueZ
9/12/12 12:00:00.000 AM valueotherA valueothervalueB ... myothervalueZ
Instead your search present the results as:
_time unique_visitors world_name
(as the top and stats generate them)
One solution is to use the chart command at the very end to change the setup of the columns.
..... | search EnterPlace | bucket _time span=7day | stats dc(user_id) as unique_visitors by _time, world_name | top unique_visitors, world_name limit=5 by _time | chart values(unique_visitors) over _time by world_name
Another solution is to replace the whole stats by a timechart span=7d ... by world_name
but it will not be compatible with the top you apply after.
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
