How to format splunk graphs to show multiple lines (one line for each method)?
I am new to splunk reports, I am trying to achieve the following: I want to generate splunk logs report (graphical) for API performances with execution time on x-axis and method names on y-axis. I am trying to run following query:
cs_dataowner_id="ICTO-31263" cs_stage = UAT
| search cs_component_id="icomply-gpat-api-buslogs"
| search Action=API_PERFORMANCE
| table Message Execution_Time
| sort by Execution_Time desc
Expected line graph should show a single line for each method (API) expanding with time on x axis hence number of lines on y-axis should be equal to number of apis/methods called in that time range.
Current output: A single line on y axis for all the methods (here I have 2 apis).
I tried all the formatting options but nothing worked.
Screenshot:
Instead of piped search commands, do it all on the first line:
cs_dataowner_id="ICTO-31263" cs_stage=UAT cs_component_id="icomply-gpat-api-buslogs" Action=API_PERFORMANCE
Instead of the sort and table commands, use chart:
| chart count(Message) as Messages over Execution_Time by Message
This command graphs the number of calls to each API with Execution_Time on the X-axis and separate lines for each API (Message).
- How to determine the length of an array field in Splunk?
- Splunk query to find those final results that has events with unique combination of values of two keys in results of main search criteria
- login-info.cfg Splunk file semantic and structure
- Splunk SignalFX Synthetics: Is it possible to retrieve environment variable values in Javascript
- query splunk query joining 2 data tables
- Form a results table view from splunk multiple logs
- Exclude unnecessary logs being sent to splunk cloud platform
- How to Attach Splunk Search Results In JIra Via Terraform Automation?
- Regex Substitue only on a specific group - sedcmd (Splunk)
- Regex to only return matches when followed by a specific word
- embeding conf files into helm chart
- Splunk Logs for Faster Queries, with Category Boolean true
- How to create a timechart in splunk for the timestamp and extracted field?
- Match regex named group up until optional word
- How can I access the TraceId generated by splunk-otel-collector within an ASP.NET web application?
- Splunk result in Table format
- Splunk: How to compute the difference of timestamps by id?
- SPLUNK: How can I count events by location with a list of SERVERNAME's?
- How to represent difference between same fields from two different and simultaneous searches in a table format in Splunk?
- Java 11 HttpClient - POST issue
- Flume sink to Splunk?
- Questions related to splunk builtin macros in correlation search
- how to send the local file using splunk forwarder docker image?
- A table of counts of http status by URL
- How do I use a specific date/time in Splunk dashboard with earliest and latest?
- Splunk - Handling a blank token for a dashboard search
- Splunk - Extracting from search results using regex and aggregates
- Splunk - Grouping by distinct field with stats of another field
- Trying to log to Splunk using logback appender
- How can I download infinite results from a Splunk Search to Export the Data