Splunk® Enterprise

Search Tutorial

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Create a basic chart

In this example you compare the counts of user actions by calculating information about the actions customers have taken on the online store website.

  • The number of times each product is viewed
  • The number of times each product is added to the cart
  • The number of times each product is purchased

Prerequisite
This example requires the productName field from the Enabling field lookups section. You must complete all of those steps before continuing with this section.

Steps

  1. Start a new search.
  2. Set the time range to All time.
  3. Run the following search.

    sourcetype=access_* status=200 | chart count AS views count(eval(action="addtocart")) AS addtocart count(eval(action="purchase")) AS purchases by productName | rename productName AS "Product Name", views AS "Views", addtocart AS "Adds to Cart", purchases AS "Purchases"

    This search uses the chart command to count the number of events that are action=purchase and action=addtocart. The search then uses the rename command to rename the fields that appear in the results.
    The chart command is a transforming command. The results of the search appear on the Statistics tab.
    This screen image shows the results of running the search.
  4. Click the Visualization tab. The search results appear in a Pie chart.
  5. Change the display to a Column chart.

    This screen image shows the Visualization tab. The results of the search are formatted as a Column chart.

Next step

Create an overlay chart and explore visualization options

See also

chart command in the Search Reference
rename command in the Search Reference
Transforming commands in the Search Manual

PREVIOUS
Save and share your reports
  NEXT
Create an overlay chart and explore visualization options

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters