Good Day Team,
I started reading on Splunk today and I have began my exercises. I am stuck on how to generate charts (i.e bar chart, pie chart) over a particular period of time say 30days.
e.g Count bgp errors by date by Autonomous system(AS) over the last week?
Any reference info would greatly appreciate.
Hi masambaghost,
if you want to display values (count, sum, avg ,etc...) of a field in a chart, you have to create a search and display it on a table using commands like stats or timechart or chart, etc...
When you have your table, you can display it as a graphic, Splunk interface helps you to do this.
You can create a graphic only using aggregating commands like stats or chart, not using commands like table.
i hint to follow the first Splunk tutorials:
https://www.tutorialspoint.com/splunk/index.htm
https://www.splunk.com/view/SP-CAAAH9U
https://www.youtube.com/watch?v=6lX4DOd1T-s
https://www.youtube.com/watch?v=DJ6tXTsjX_A
And Splunk training (e.g. Splunk Fundamentals I https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html )
Anyway, you have to create a search like this one:
index=_internal
| stats count BY sourcetype
And then you can display (and save in a dashboard) it as a table or a graphic.
Ciao.
Giuseppe
Hi masambaghost,
if you want to display values (count, sum, avg ,etc...) of a field in a chart, you have to create a search and display it on a table using commands like stats or timechart or chart, etc...
When you have your table, you can display it as a graphic, Splunk interface helps you to do this.
You can create a graphic only using aggregating commands like stats or chart, not using commands like table.
i hint to follow the first Splunk tutorials:
https://www.tutorialspoint.com/splunk/index.htm
https://www.splunk.com/view/SP-CAAAH9U
https://www.youtube.com/watch?v=6lX4DOd1T-s
https://www.youtube.com/watch?v=DJ6tXTsjX_A
And Splunk training (e.g. Splunk Fundamentals I https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html )
Anyway, you have to create a search like this one:
index=_internal
| stats count BY sourcetype
And then you can display (and save in a dashboard) it as a table or a graphic.
Ciao.
Giuseppe
Thank you for the prompt response @gcusello - I am going through your links.
Exactly what I needed. Thank you.
Hi masambaghost,
if this answer solves your problems, please accept and/or upvote it.
Ciao and see next time.
Giuseppe
Let me do so now - still learning, thanks man!