0
votes

I am getting data from Snowflake into Splunk using Splunk DB Connect. This is just 4 lines of data for demo purposes. Below is the Splunk data (SELECT * FROM example_database.table)

EMP_ID  EMP_NAME  EMP_SALARY
    1   John    3000
    2    Greg   3200
    3    Peter  1200
    4    Mark   2000

I want to create a simple bar dashboard in Splunk which displays emp_name and emp_salary on the x and y axes respectively. I am using the following query in Splunk Search & Reporting

source="check" "EMP_NAME" "EMP_SALARY" | top EMP_SALARY

But it's showing me bars with equal heights (they should be of different heights as the salaries are different). Any suggestion as to what I am doing wrong in the query? Thanks for the help :)


1 Answer

0
votes

The top command sees four salaries with one person earning each so they're each 25%. That's why the graph is flat, but that's OK because top is not what is needed here. Use top when you want to find the most common values of a field or set of fields. Be aware that top also discards fields so use with caution. For graphing, try the chart command, instead.

|  makeresults 
|  eval _raw="EMP_ID  EMP_NAME  EMP_SALARY
    1   John    3000
    2   Greg   3200
    3   Peter  1200
    4   Mark   2000" 
| multikv forceheader=1
| chart max(EMP_SALARY) as EMP_SALARY over EMP_NAME
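
To see why the two commands draw different bars, here is a small Python model of what `top` and `chart max(...) over ...` compute on the four demo rows. It is an added illustration, not part of the answer above and not Splunk code; the function names `parse_rows`, `top` and `chart_max` are made up for this sketch.

```python
# Added illustration: a Python model of SPL `top` and `chart max() over`.
from collections import Counter

# The four demo rows from the question.
RAW = """EMP_ID  EMP_NAME  EMP_SALARY
    1   John    3000
    2   Greg   3200
    3   Peter  1200
    4   Mark   2000"""


def parse_rows(raw):
    """Split the whitespace-delimited table into one dict per row."""
    lines = [ln.split() for ln in raw.splitlines() if ln.strip()]
    header, body = lines[0], lines[1:]
    return [dict(zip(header, fields)) for fields in body]


def top(rows, field, limit=10):
    """Model of `top <field>`: count events per distinct value, add percent.

    Only the field, count and percent survive; every other field is dropped.
    """
    counts = Counter(r[field] for r in rows if field in r)
    total = sum(counts.values())
    return [
        {field: value, "count": n, "percent": 100.0 * n / total}
        for value, n in counts.most_common(limit)
    ]


def chart_max(rows, value_field, over_field):
    """Model of `chart max(<value_field>) as <value_field> over <over_field>`."""
    result = {}
    for r in rows:
        key, val = r[over_field], float(r[value_field])
        result[key] = max(val, result.get(key, val))
    # Sorted by the over-field only to keep the output order stable here.
    return [{over_field: k, value_field: v} for k, v in sorted(result.items())]


if __name__ == "__main__":
    rows = parse_rows(RAW)
    print("top EMP_SALARY (count and percent are the same on every row):")
    for r in top(rows, "EMP_SALARY"):
        print("  ", r)
    print("chart max(EMP_SALARY) over EMP_NAME (the value is the salary):")
    for r in chart_max(rows, "EMP_SALARY", "EMP_NAME"):
        print("  ", r)
```

The `top` rows carry only the salary value, a count of 1 and a percent of 25, with EMP_NAME gone, while the `chart_max` rows keep one salary per name.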