Charts over X-days

masambaghost
Explorer

Good Day Team,

I started reading on Splunk today and I have begun my exercises. I am stuck on how to generate charts (i.e. bar chart, pie chart) over a particular period of time, say 30 days.

e.g. Count BGP errors by date by Autonomous System (AS) over the last week?

Any reference info would be greatly appreciated.

0 Karma

gcusello
SplunkTrust

Hi masambaghost,
if you want to display values (count, sum, avg, etc.) of a field in a chart, you have to create a search and display it in a table using commands like stats, timechart or chart.
When you have your table, you can display it as a graphic; the Splunk interface helps you to do this.
You can create a graphic only using aggregating commands like stats or chart, not using commands like table.

I suggest following the first Splunk tutorials:
https://www.tutorialspoint.com/splunk/index.htm
https://www.splunk.com/view/SP-CAAAH9U
https://www.youtube.com/watch?v=6lX4DOd1T-s
https://www.youtube.com/watch?v=DJ6tXTsjX_A

And Splunk training (e.g. Splunk Fundamentals I https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html )

Anyway, you have to create a search like this one:

index=_internal
| stats count BY sourcetype

And then you can display it (and save it in a dashboard) as a table or a graphic.

Ciao.
Giuseppe
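
Applied to the question's example (BGP errors per day per AS over the last week), the same approach could look like the search below. This is an added example, not part of the original answer; the index `network`, the sourcetype `bgp_syslog`, the literal search term `error` and the field `peer_as` are assumed names to be replaced with the ones in your own data.

```spl
index=network sourcetype=bgp_syslog "error" earliest=-7d@d latest=@d
| timechart span=1d limit=10 useother=true count BY peer_as
```

`earliest=-7d@d latest=@d` restricts the search to the last seven complete days and `span=1d` produces one bucket per day, with the ten busiest AS values as separate series and the rest grouped as OTHER. For a 30-day chart change the time range to `earliest=-30d@d`.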

masambaghost
Explorer

Thank you for the prompt response @gcusello - I am going through your links.
Exactly what I needed. Thank you.

0 Karma

gcusello
SplunkTrust

Hi masambaghost,
if this answer solves your problems, please accept and/or upvote it.
Ciao and see you next time.
Giuseppe

0 Karma

masambaghost
Explorer

Let me do so now - still learning, thanks man!

0 Karma