- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to create a bin of bins?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to create a bin of bins?
I need to create a "bin of bins"... in other words... each bin contains a bin. I desire to create a histogram (chart) in each bin. Why do I want to do this?
I want to apply SPLUNK to logged test data. I have thousands of events structured as follows:
TST_NAME UP_LIM LO_LIM ACT_VAL
So in my "bin of bins", the first bin holds the TST_NAME, while the second bin holds the histogram (chart) of that named bin.
Is there a way to create a bin of bins?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Lynyrd, can you add sample output data or image to explain what exactly you need? What is the query for histogram that you have? If you are on Splunk 6.6. or higher you can explore the Trellis command to split same visualization into several parts using by TST_NAME. However, community members would not be able to assist much without further details.
Refer to Trellis Layout in Splunk Documentation:
https://docs.splunk.com/Documentation/Splunk/latest/Viz/VisualizationTrellis#Trellis_layout_and_dash...
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just submitted my data again and it did not show up.... I think there is a problem with this forum. Maybe the Admin have a bug in their system
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Lynyrd, your comment was sitting for Moderators to review and publish. I have done the same.
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ops sorry, I see it has been posted.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just submitted my data and it did not show up.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I need a histogram for each TP and there will be thousands of TP's. The database I work with has thousands of events just like you see below and I need to analyse the normal distribution of each TP to determine if there is a problem with any given TP.
TST_NAME UP_LIM LO_LIM ACTAUL
TP29 -20 20 3.7
TP29 -20 20 3.3
TP29 -20 20 -4.2
TP29 -20 20 5.1
TP29 -20 20 2.8
TP29 -20 20 -1.9
TP29 -20 20 4
TP29 -20 20 -2.2
TP30 0 5.5 5.1
TP30 0 5.5 5.36
TP30 0 5.5 4.9
TP30 0 5.5 4.89
TP30 0 5.5 5.1
TP30 0 5.5 5.2
TP31 1254 1300 1266
TP31 1254 1300 1285
TP31 1254 1300 1269
TP31 1254 1300 1292
TP31 1254 1300 1277
TP31 1254 1300 1264
TP31 1254 1300 1285
TP32 540 640 601
TP32 540 640 588
TP32 540 640 596
TP32 540 640 623
TP32 540 640 552
TP32 540 640 631
ETC
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I got my UP_LIM and LO_LIM columns swapped... hey but you get the idea.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
