Scatter chart
Use a scatter chart to show relationships between discrete data points. Data point distribution can show trends or relationships across two dimensions.
Data formatting
Scatter charts work best with two data series. Use a transforming command to aggregate values. You can use the table
command with the following syntax to manage result field ordering.
... | table <marker_name_field> <x-axis_field> <y-axis_field>
Check the Statistics tab after running the search to make sure that there are three columns in the Statistics table. You can use the table
command to change the order of the columns if needed.
Configuration options
Use the Format menu to configure one or more of the following scatter chart components.
- Axis titles
- Legend placement and truncation
- Axis scale and interval values
- Axis minimum and maximum values
- Abbreviate y-axis and x-axis numerical values
Create a scatter chart
Prerequisites
Review the following details about building column and bar charts.
Steps
- Write a search that generates two data series.
- Run the search.
- Select the Statistics tab below the search bar. The statistics table here should have three columns.
- Select the Visualization tab and use the Visualization Picker to select the scatter chart visualization.
- (Optional) Use the Format menu to configure the visualization.
Example
An analyst creates a scatter chart to track recent earthquake locations, magnitude, and depth.
This search generates a Statistics table with three columns. The first column shows earthquake location values. The second column represents earthquake magnitude values, plotted on the x-axis. The third column represents earthquake depth values, plotted on the y-axis.
source="earthquake.csv" | table Region Magnitude Depth
Use Simple XML to build more complex scatter charts. For more information see the Area, Bar, Column, line, and Scatter Charts and Scatter chart specific properties entries in the Chart Configuration Reference.
Line and area charts | Bubble chart |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.3.2408, 8.2.2112, 8.2.2201, 8.2.2202, 9.0.2205, 9.0.2208, 8.2.2203, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release)
Feedback submitted, thanks!