Create a report from a sparkline chart
In this example, you create a report that shows the trends in the number of purchases made over time. This example uses sparkline charts. Sparklines are inline charts that appear in the search results table and are designed to display time-based trends associated with the primary key of each row.
For searches that use the stats and chart commands, you can add sparkline charts to the results table.
Prerequisite
This example requires the productName field from the Enabling field lookups section. You must complete all of those steps before continuing with this section.
Steps
- Start a new search.
- Set the time range to All time.
- Run the following search.
sourcetype=access_* status=200 action=purchase| chart sparkline(count) AS "Purchases Trend" count AS Total BY categoryId | rename categoryId AS "Category"This search uses the
chartcommand to count the number of purchases by usingaction="purchase". The search specifies the purchases made for each product by usingcategoryId. The difference is that the count of purchases is now an argument of thesparkline()function.
- Click Save As and select Report.
- In the Save Report As dialog box, for Title type
Purchasing trends. - For Description, type
Count of purchases with trending.
- Click Save.
- In the confirmation dialog box, click View.
Next step
This completes Part 6 of the Search Tutorial.
Up to now, you have saved searches as Reports. Continue to Part 7: Creating dashboards, where you learn how to save searches and reports as dashboard panels.
See also
chart command in the Search Reference
Add sparklines to your search results in the Search Manual
| Create a report from a custom chart | About dashboards |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13
Download manual
Feedback submitted, thanks!