- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Scatter plot whose x axis defaults to an increment...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In Excel, it's possible to create a scatter plot and only feed in one column of data and the X axis will default as a count/frequency, incrementing from 0 to the number of values/rows being plotted. Is the same thing possible in Splunk? I'd like to feed in one field for the Y axis and have the X axis default to 0, 1, 2, 3, etc.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@chashi instead of performing x-axis aggregation using stats, you can use streamstats to create a counter | streamstats count as sno. Try the following run anywhere example using Splunk's internal index.
index="_internal" sourcetype=splunkd log_level!=INFO NOT (component IN ("Metrics","PeriodicHealthReporter"))
| eval event_message=substr(event_message,1,30)
| stats count by component event_message
| streamstats count as sno
| stats last(sno) as "X-Axis" max(count) as "Y-Axis" by component event_message
If you want to show all data labels on x-axis with interval of 1, you can add the following Simple XML configuration to you chart for x-axis label major unit.
<option name="charting.axisLabelsX.majorUnit">1</option>
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@chashi instead of performing x-axis aggregation using stats, you can use streamstats to create a counter | streamstats count as sno. Try the following run anywhere example using Splunk's internal index.
index="_internal" sourcetype=splunkd log_level!=INFO NOT (component IN ("Metrics","PeriodicHealthReporter"))
| eval event_message=substr(event_message,1,30)
| stats count by component event_message
| streamstats count as sno
| stats last(sno) as "X-Axis" max(count) as "Y-Axis" by component event_message
If you want to show all data labels on x-axis with interval of 1, you can add the following Simple XML configuration to you chart for x-axis label major unit.
<option name="charting.axisLabelsX.majorUnit">1</option>
| makeresults | eval message= "Happy Splunking!!!"
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
