Solved: Creating a Stacked Graph (Area but coloured like b...

AccentureQBETA · ‎08-15-2012

I have the following search:

index="cms_test_1" [|inputlookup Stacked_Worse12.csv | rename FullURL as cs_uri | fields + cs_uri] sc_status=200 time<19:00:00.000 time>=07:00:00:.000 | fields  cs_uri, date | stats count by date, cs_uri

Which gives me a list of Dates, cs_uri's and their count, I would like to make a stacked graph out of this. So the legend would be the cs_uri's, X-Axis will be Dates, Y-Axis will be Count.

I've tired looking into timechart, I think I can use this, span=d, count(uri), but It does full counts for the day so far..
Example Table (Pivot Table, Excel):

Date	cs_uri1	cs_uri2	cs_uri2
11/08/2012	6	3	5
12/08/2012	7	1	4
13/08/2012	4	6	8

But I can't get timechart to work and I can't get a stacked graph looking how I would like.. Using the above data, I expect to see, 3 dates across the bottom, for each date, 3 series (values, stacked, whith different colours) either in bar form or even better as a continues area graph.

The csv inputlookup contains a list of cs_uri's i;m filtering on.

AccentureQBETA · ‎08-15-2012

Works great.

I don't know why I couldn't get it to work before 😄

View solution in original post

AccentureQBETA · ‎08-15-2012

Works great.

I don't know why I couldn't get it to work before 😄

Ayn · ‎08-15-2012

What's not working with timechart count by uri and choosing stacked mode in your chart?

Creating a Stacked Graph (Area but coloured like bar)

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability