Splunk Search

making a chart

harsh1734
New Member

hi,
by running this query in search field
index="New" "Phase * ended" | table phaseinformation , phase_ended , datetime | rename datetime as DATE , phaseinformation as Phase_Info , phase_ended as Phase_End_Time | sort Phase_End_Time by desc

i got the following output

Phase_info Phase_End_Time DATE

phase 1 ended 1200 secs jul 16 12:04:44
phase 0 ended 1000 secs jul 16 11:02:48

now i can make chart of this by simply clicking on reports..but i am not able to get clear representation of phase_info on x axis and phase_end_time on y axis....
so need to make a clear graph..

Tags (1)
0 Karma

zeroactive
Path Finder

Without a larger data set to look at, and without more details about what you want, it's hard to provide direction. You could do a chart that provides the SUM or AVG (average) Phase_End_Time for each Phase_Info value, but just plotting the End Time values for the Phase_Info values isn't going to provide you any value over a table of the results.

0 Karma

linu1988
Champion

You can't do a chart to show that the event came at that time. Some numerical value is needed to plot a graph , e.g. time per phase_info. Thanks

0 Karma

kml_uvce
Builder

can you explain more...

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...