如何在具有多个系列的 Splunk 中创建图表/报告?是否可以?
How can one create a chart / report in Splunk which has many series? Is it possible?
我想在 Splunk 中创建一个报告/折线图,它显示每周负载的多个系列数据点。下面是电子表格中的一个简单示例,但我很难确定这在 Splunk 中是否可行,如果可行,如何实现。我正在使用
"| dbquery mydatabaseconn "Select load_date, source, sum(transactions) from mytable group by load_date, source "
作为我的搜索。
这在 Splunk 中应该是可能的。来自文档章节 Data structure requirements for visualizations:
Column, line, and area charts are two-dimensional charts supporting
one or more series. They plot data on a Cartesian coordinate system,
working from tables that have at least two columns. In tables for
column, line, and area charts, the first column contains x-axis values
and subsequent columns contain y-axis values (each column represents a
series).
因此您的数据需要类似于:
2015-10-01, 25, 17
2015-10-01, 50, 45
etc.
其中第 2 列表示 "Source 1",第 3 列表示 "Source 2"。
我想在 Splunk 中创建一个报告/折线图,它显示每周负载的多个系列数据点。下面是电子表格中的一个简单示例,但我很难确定这在 Splunk 中是否可行,如果可行,如何实现。我正在使用
"| dbquery mydatabaseconn "Select load_date, source, sum(transactions) from mytable group by load_date, source "
作为我的搜索。
这在 Splunk 中应该是可能的。来自文档章节 Data structure requirements for visualizations:
Column, line, and area charts are two-dimensional charts supporting one or more series. They plot data on a Cartesian coordinate system, working from tables that have at least two columns. In tables for column, line, and area charts, the first column contains x-axis values and subsequent columns contain y-axis values (each column represents a series).
因此您的数据需要类似于:
2015-10-01, 25, 17
2015-10-01, 50, 45
etc.
其中第 2 列表示 "Source 1",第 3 列表示 "Source 2"。