Splunk® Enterprise

Search Tutorial

Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Create a basic chart

In this example you compare the counts of user actions by calculating information about the actions customers have taken on the online store website.

  • The number of times each product is viewed
  • The number of times each product is added to the cart
  • The number of times each product is purchased

Prerequisite
This example requires the productName field from the Enabling field lookups section. You must complete all of those steps before continuing with this section. If you do not configure the field lookups, the searches will not produce the correct results.

Steps

  1. Start a new search.
  2. Set the time range to All time.
  3. Run the following search.

    sourcetype=access_* status=200 | chart count AS views count(eval(action="addtocart")) AS addtocart count(eval(action="purchase")) AS purchases by productName | rename productName AS "Product Name", views AS "Views", addtocart AS "Adds to Cart", purchases AS "Purchases"


    This search uses the chart command to count the number of events that are action=purchase and action=addtocart. The search then uses the rename command to rename the fields that appear in the results.

    The chart command is a transforming command. The results of the search appear on the Statistics tab.
    This screen image shows the results of running the search in a table. There are 4 columns: Product Names, Views, Adds to Cart, and Purchases.


  4. Click the Visualization tab. The search results appear in a Pie chart.
  5. Change the display to a Column chart.

    This screen image shows the Visualization tab. The results of the search are formatted as a Column chart. The Product Names are on the X axis. The Views, Adds to Cart, and Purchases values for each product are displayed as columns in the chart.

Next step

Create an overlay chart and explore visualization options

See also

chart command in the Search Reference
rename command in the Search Reference
Transforming commands in the Search Manual

Last modified on 22 April, 2019
 

This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters