How to group/split stacked bar chart columns?

timo258 · ‎10-26-2022

Hi together,

I want to group my bar chart in 2 columns. In the pictures you can see how I get it done and how it should look.

reachedtarget

host=my_host index=my_index
            | stats count
            | join 
                [ search host=my_host index=my_index result.value= -1
                | stats count 
                | rename count as "Tests_Failed"] 
            | join type=left
                [ search host=my_host index=my_index result.value= 1
                | stats count
                | rename count as "Tests_Passed"]
            | join
               [search host=my_host index=my_index
               | rename result.value as isFailed
               | eval isFailed=if(isFailed=-1, 0, 1)
               | stats sum(isFailed) as testedPositive by Produktionsnummer
               | stats count(eval(testedPositive!="0")) as io count(eval(testedPositive="0")) as nio]
            | table Typ-Nummer, Tests_Failed, Tests_Passed, nio, io
            | rename Typ-Nummer AS "Product Name & Number", Tests_Passed AS "Tests Passed", Tests_Failed AS "Tests Failed", percFailed as "Percentage of Tests Failed"

I want so split it in 2 stacked columns like on the picture (Tests_Failed, Tests_Passed) and (nio, io).

Many thanks in advance!

How to group/split stacked bar chart columns?

using Splunk Enterprise

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?