All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to combine my two search results of a chart and rangemap over time with display icons?

bkumarm
Contributor
‎12-09-2015 04:52 AM

I have two search results:
1. I have a table with list of values for products over a time range
2. I have a table with list of values plotted over field counts and uses range map.

I want to combine these two into a single view that shows time range on top and the values in the cells of the table, and then have it show colored marks for particular ranges.

any suggestions...

Example:

6/12/2015   7/12/2015   8/12/2015

prod1 0 10 100
prod2 10 15 25
prod3 100 0 100
alt text

Preview file
22 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎12-09-2015 06:03 AM

Look at this answered question. Let me know if this doesn't work for you

https://answers.splunk.com/answers/83206/color-in-a-table-based-on-values.html

View solution in original post

Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎12-09-2015 06:03 AM

Look at this answered question. Let me know if this doesn't work for you

https://answers.splunk.com/answers/83206/color-in-a-table-based-on-values.html

Reply
Solved! Jump to solution

bkumarm
Contributor
‎12-09-2015 06:15 AM

The problem is not in the color . merging the content of two tables.
i..e one table has time range as x-axis and the other has fields

basically I want to merge the output of the below two:

sourcetype=File* ID=* | dedup ID | stats count by ID| rangemap field=count low=0-100 elevated=101-1000

and 

sourcetype=File* ID=* | dedup ID | bucket span=1h _time | eval formatted_time=strftime(_time, "%c") | chart count over ID  by formatted_time
0 Karma
Reply
Solved! Jump to solution

bkumarm
Contributor
‎12-14-2015 03:05 AM

I got to a partial solution to this issue as below:
eventtype="Myevent" source="Mysource" ID=* | dedup ID | transaction ID | bin span=1d _time | eval formatted_time=strftime(_time, "%c") | eval Status="Pass" | chart values(Status) over ID by formatted_time

similarly I used other fields to plot required values.
coloring is the only challenge I have now .

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...