Solved: pareto chart?

ytl · ‎10-21-2013

hi, i have some data that i would like to display a bar chart with; however, i would like the x-axis items to be ordered by the frequency of the item itself - ie a pareto chart (i would also like the accumulative on a second y-axis, but that's less important). can any one help me with this please?

my search is quite simple:

chart sum(duration) by directorate

which gives me two columns (directorate and sum(duration)) in the 'statistics' tab.

ytl · ‎10-21-2013

thanks lukejadamec: after playing around a bit with the syntax, i was able to get it working with:

chart count(duration) AS total_duration by directorate | sort -total_duration

hope this helps someone!

View solution in original post

ytl · ‎10-21-2013

thanks lukejadamec: after playing around a bit with the syntax, i was able to get it working with:

chart count(duration) AS total_duration by directorate | sort -total_duration

hope this helps someone!

ytl · ‎10-21-2013

add my search to question - thanks lukejadamec, i'm not sure how i would include the sort function into the chart...

lukejadamec · ‎10-21-2013

Can you post your search string, and have you tried sorting?

pareto chart?

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?