Chart - Splunk Commands Reference & Tutorials @ DevOpsSchool.com

Author

Rajesh Kumar

DevOps@RajeshKumar.xyz

Support my work @Patron!

Chart: Splunk Commands Tutorials & Reference

Commands Category: Reports

Commands: chart

Use: The chart command is a transforming command that returns your results in a table format. The results can then be used to display the data as a chart, such as a column, line, area, or pie chart. See the Visualization Reference in the Dashboards and Visualizations manual. You must specify a statistical function when you use the chart command.

Supported functions and syntax

avg()

count()

distinct_count()

estdc()

estdc_error()

exactperc<int>()

max()

median()

min()

mode()

perc<int>()

range()

stdev()

stdevp()

sum()

sumsq()

upperperc<int>()

var()

varp()

first()

last()

list()

values()

earliest()

earliest_time()

latest()

latest_time()

rate()

Example Program using tutorialdata.zip. Chart the number of different page requests, GET and POST, that occurred for each Web server.

host=homework usr=* state=* | chart count(usr) BY state
host=homework usr=* state=* | chart count(usr) BY state | rename count(usr) AS "Number of Users"

Example Program using tutorialdata.zip. Chart the number of different page requests, GET and POST, that occurred for each Web server.

sourcetype=access_* | chart count(eval(method="GET")) AS GET, count(eval(method="POST")) AS POST by host

Example Program using tutorialdata.zip. Create a chart to show the number of transactions based on their duration (in seconds).

sourcetype=access_* status=200 action=purchase | transaction clientip maxspan=10m | chart count BY duration span=log2

Example Program using tutorialdata.zip. Create a chart to show the average number of events in a transaction based on the duration of the transaction.

sourcetype=access_* status=200 action=purchase | transaction clientip maxspan=30m | chart avg(eventcount) by duration span=log2

Example Program using tutorialdata.zip. Chart how many different people bought something and what they bought at the Buttercup Games online store Yesterday.

sourcetype=access_* status=200 action=purchase | chart dc(clientip) OVER date_hour BY categoryId usenull=f

Create a chart that list the number of earthquakes, and the magnitude of each earthquake that occurred in and around Alaska. Run the search using the time range All time.

source=all_month.csv place=*alaska* mag>=3.5 | chart count BY mag place useother=f | rename mag AS Magnitude

Calculate a wide range of statistics by a specific field. Count the number of earthquakes that occurred for each magnitude range. Click the Visualization tab to see the result in a chart.

source=all_month.csv | chart count AS "Number of Earthquakes" BY mag span=1 | rename mag AS "Magnitude Range"

Avail Rajesh Kumar as trainer at 50% Discount
Puppet Online Training
Puppet Classroom TrainingEnroll Now

Author

Contents

Chart: Splunk Commands Tutorials & Reference

Commands Category: Reports

Commands: chart

Example Program using tutorialdata.zip. Chart the number of different page requests, GET and POST, that occurred for each Web server.

Example Program using tutorialdata.zip. Chart the number of different page requests, GET and POST, that occurred for each Web server.

Example Program using tutorialdata.zip. Create a chart to show the number of transactions based on their duration (in seconds).

Example Program using tutorialdata.zip. Create a chart to show the average number of events in a transaction based on the duration of the transaction.

Example Program using tutorialdata.zip. Chart how many different people bought something and what they bought at the Buttercup Games online store Yesterday.

Create a chart that list the number of earthquakes, and the magnitude of each earthquake that occurred in and around Alaska. Run the search using the time range All time.

Calculate a wide range of statistics by a specific field. Count the number of earthquakes that occurred for each magnitude range. Click the Visualization tab to see the result in a chart.