Splunk® Enterprise

Search Tutorial

Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Create a report from a custom chart

In this example, you create a report that charts which products were purchased over a period of time. This example uses the timechart command and chart options to create and customize a chart.

This example uses the productName field from the Enabling field lookups section of this tutorial.
If you do not configure the field lookups, the searches in this section will not produce the correct results.

  1. Start a new search.
  2. Change the time range to All time.
  3. Run the following search.

    sourcetype=access_* | timechart count(eval(action="purchase")) by productName usenull=f useother=f

    This search uses the count() function to count the number of events that have the field action=purchase.

    The search also uses the usenull and useother arguments to ensure that the timechart command counts events that have a value for productName Events that have null values for productName are not included.

    The following table appears on the Statistics tab.

    This screen image shows the result of the search. The first column contains dates, based on the event timestamp. The remaining column labels list the names of each product.  For each date and product, the cells display a count of the number of products purchased.

  4. Click the Visualization tab.
  5. Change the chart type to a Line chart.
  6. Use the Format drop-down to format the X-Axis, Y-Axis, and Legend to produce the following chart.
    This screen image shows the following changes to the chart. The chart type is "line". The X-Axis contains a custom title "Date" and the labels are at a -45 degree angle. The Y-Axis contains a custom title "Purchases" and an Interval of 10.  The legend is positioned at the top of the chart.

    This table lists the changes made to the chart.
    Chart changes Setting or value
    Chart type Line
    X-Axis CustomTitle Date
    X-Axis Labels -45 degree angle
    Y-Axis Custom Title Purchases
    Y-Axis Interval 10
    Legend Position Top
  7. Click Save As and select Report.
    1. In the Save As Report dialog box, for Title type Product Purchases over Time.
    2. For Description, type The number of purchases for each product.
    3. For Content, select the first option Line Chart and Statistics Table.
    4. For Time Range Picker, keep the default setting Yes.
  8. Click Save.
  9. In the confirmation dialog box, click View to see the report.
    This screen image shows the saved report.

Next step

Create a report from a sparkline chart

See also

timechart command in the Search Reference
Chart overview in Dashboards and Visualizations
About reports in the Reporting Manual

Last modified on 21 May, 2019
 

This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters