- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Why is my column chart not displaying any data...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why is my column chart not displaying any data even though it is setup correctly?
Here is my search query:
index=jenkins* job_name="jenkins-representative-jobs_github_organization/math_utilities/master" event_tag=job_event (type=started OR type=completed) | dedup build_number | eval build_duration = job_duration - queue_time - 'test_summary.duration' | chart count by build_duration | fields build_number job_duration queue_time test_summary.duration
And here is a link to the chart to get an idea of what I'm seeing. https://imgur.com/a/2HcyE
Basically, the chart template is being created perfectly, but no data is filling it. Any help?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @cdgill,
It's due to permission issue in your automatic lookup- pan_vendor_info_lookup
Change its permission to global :
In UI go to Settings>>Lookup>>Automatic lookups>> change sharing permission of pan_vendor_info_lookup so that it will be available in your query.
Hope this helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@cdgill,
have you tried this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, that changed nothing though sadly.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After your chart command, only field available are build_duration and count. You field command is trying to output fields that doesn't exist hence no chart data is shown. Get rid of last fields command to see some data there (plotting count of events for each value of build_duration.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That does show me some data, but I'm trying to have it show me a breakdown the queue, build, and test times. How can I get those values to show up?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I want time to be on the Y-Axis and the individual build number to be on the X-Axis.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How about this?
index=jenkins* job_name="jenkins-representative-jobs_github_organization/math_utilities/master" event_tag=job_event (type=started OR type=completed) | dedup build_number | eval build_duration = job_duration - queue_time - 'test_summary.duration' | table build_number build_duration
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That pretty much works perfectly thank you! Now my only remaining issue seems to be with test_summary.duration. If I end with this table build_number build_duration queue_time 'test_summary.duration'
everything shows up fine except there are no values in the chart or table for test_summary. However if I remove the single quotes around it all those values will appear, but build_duration will disappear. I assume it has something to do with it being a string for some reason, but I don't know the workaround.
Wondering How to Build Resiliency in the Cloud?
Updated Data Management and AWS GDI Inventory in Splunk Observability
Introducing the Splunk Community Dashboard Challenge!
