Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Charts over X-days

masambaghost
Explorer
‎10-12-2019 03:01 PM

Good Day Team,

I started reading on Splunk today and I have began my exercises. I am stuck on how to generate charts (i.e bar chart, pie chart) over a particular period of time say 30days.

e.g Count bgp errors by date by Autonomous system(AS) over the last week?

Any reference info would greatly appreciate.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-13-2019 03:53 AM

Hi masambaghost,
if you want to display values (count, sum, avg ,etc...) of a field in a chart, you have to create a search and display it on a table using commands like stats or timechart or chart, etc...
When you have your table, you can display it as a graphic, Splunk interface helps you to do this.
You can create a graphic only using aggregating commands like stats or chart, not using commands like table.

i hint to follow the first Splunk tutorials:
https://www.tutorialspoint.com/splunk/index.htm
https://www.splunk.com/view/SP-CAAAH9U
https://www.youtube.com/watch?v=6lX4DOd1T-s
https://www.youtube.com/watch?v=DJ6tXTsjX_A

And Splunk training (e.g. Splunk Fundamentals I https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html )

Anyway, you have to create a search like this one:

index=_internal
| stats count BY sourcetype

And then you can display (and save in a dashboard) it as a table or a graphic.

Ciao.
Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-13-2019 03:53 AM

Hi masambaghost,
if you want to display values (count, sum, avg ,etc...) of a field in a chart, you have to create a search and display it on a table using commands like stats or timechart or chart, etc...
When you have your table, you can display it as a graphic, Splunk interface helps you to do this.
You can create a graphic only using aggregating commands like stats or chart, not using commands like table.

i hint to follow the first Splunk tutorials:
https://www.tutorialspoint.com/splunk/index.htm
https://www.splunk.com/view/SP-CAAAH9U
https://www.youtube.com/watch?v=6lX4DOd1T-s
https://www.youtube.com/watch?v=DJ6tXTsjX_A

And Splunk training (e.g. Splunk Fundamentals I https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html )

Anyway, you have to create a search like this one:

index=_internal
| stats count BY sourcetype

And then you can display (and save in a dashboard) it as a table or a graphic.

Ciao.
Giuseppe

Reply
Solved! Jump to solution

masambaghost
Explorer
‎10-13-2019 11:29 PM

Thank you for the prompt response @gcusello - I am going through your links.
Exactly what I needed. Thank you.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-13-2019 11:55 PM

Hi masambaghost,
if this answer solves your problems, please accept and/or upvote it.
Ciao and see next time.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

masambaghost
Explorer
‎10-14-2019 03:56 AM

Let me do so now - still learning, thanks man!

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...