Splunk Search

Display 2 charts at the same timing alignment and with the same color of each series ?

sieutruc
Contributor

Hello,

I have a search like : total value of each transaction type for each business day

host="test1" sourcetype="ObjTransaction" | chart sum(TransactionValue) over BusinessDay by TransactionType

and another is number of events of each transaction type for each business day

host="test1" sourcetype="ObjTransaction" | chart count as number over BusinessDay by TransactionType

How can i display 2 colunm chars such that they have same vertical alignment basing on BusinessDay( time with unit is day) and have the same color for each TransactionType ?

For ex: In column chart of number of events of each business day,on the 10/12/2012: there are 2 transactions A and B

A has blue color and its number of events is 10, B has red color and its number of events is 20

In column chart of total value of each businessday, similarly, A, B have the same color as previous chart, means A in blue color with its value is 102$, et B in red color with its value = 80$

Tags (1)
0 Karma

sieutruc
Contributor

You can see clearly what are not lining up in 2 figures. The first is the Y axis' scale value and second is number of transaction types for each day, especially on 31/10/2012, there is no event 10 in the first figure. So how to fix X axis width for their vertical alignment, let transaction types be appearing similarly in 2 figures?

alt text

0 Karma

jonuwz
Influencer

Just tried this, provided the legends have the same text the colors should be the same in the 2 charts. The only alignment issues are because the widths of the text on the right hand side axis could be different ( which is easily remedied by moving the axis to the right )

The bigger problem would be having null values for some of the fields which would prevent the 'null columns being plotted, but you can work around this with something like :

chart sum(eval(if(isnotnull(TransactionValue),TransactionValue,0))) as TransactionValue over BusinessDay by TransactionType

Why aren't they lining up for you ?

0 Karma

jonuwz
Influencer

try doing chart limit=0 ... chart picks the top 10 by default, so if the top 10 are different in each graph, they wont match (some will be missing)

0 Karma

sieutruc
Contributor

It's good for their color in 2 figure as Splunk automatically detects them, but for alignment, you can see my extra added information with figures above

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

I'm not sure I understand you, but would:

host="test1" sourcetype="ObjTransaction"
| chart count as number, sum(TransactionValue) by BusinessDay,TransactionType

work for you?

0 Karma

sieutruc
Contributor

No, what i want is 2 column charts that have the same vertical alignment, so that i can see clearly how many event of one particular transaction type in one specific day, and its sum value corresponding.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...