All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to enable a drop-down in a Visualization?

snehasal
Explorer
‎06-16-2017 03:50 PM

Hi Team,

I am new to Splunk and I am trying to exploit it.
I have Data which has [timestamp, WorkName ='', JobName='', Duration='']. I have 190 WorkName values and 1400 JobName Values. I am trying to visualize the runtime for WorkName. The search I have used: source="tem.log" sourcetype="Temp"| timechart avg(Duration) by WorkName.
But in the visualization, it gives me just top 10 WorkName based on highest Duration and it puts rest 180 under one roof 'Others'.
Is there any way, where in I can have drop-down to select the WorkName to display its trends?

Thanks,
Sneha

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mporath_splunk
Splunk Employee
Splunk Employee
‎06-16-2017 04:37 PM

Try using the limit parameter:

source="tem.log" sourcetype="Temp"
| timechart avg(Duration) by WorkName limit=200 useother=f

That should give you 200 separate series. One thing to consider is that there's a limit of 100 series visualized at once in a line/area chart. One way around this is to use the Trellis function if you use Splunk 6.6. That would create a separate graph for each of the 200 series that you can page through.

If you want to go down the dropdown route I'd recommend setting up a dashboard that has

  • a dropdown form input (e.g. populated by source="tem.log" sourcetype="Temp" | stats count by WorkName)
  • The visualization where you use the token from the form input to filter the visualization,

like so: 

source="tem.log" sourcetype="Temp" 
| where WorkName="$WorknameTokenFromFormInput$" 
| timechart avg(Duration) by WorkName

View solution in original post

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎06-16-2017 04:48 PM

Download this app and poke around:

Splunk 6.x Dashboard Examples: https://splunkbase.splunk.com/app/1603/

0 Karma
Reply
Solved! Jump to solution
Solution

mporath_splunk
Splunk Employee
Splunk Employee
‎06-16-2017 04:37 PM

Try using the limit parameter:

source="tem.log" sourcetype="Temp"
| timechart avg(Duration) by WorkName limit=200 useother=f

That should give you 200 separate series. One thing to consider is that there's a limit of 100 series visualized at once in a line/area chart. One way around this is to use the Trellis function if you use Splunk 6.6. That would create a separate graph for each of the 200 series that you can page through.

If you want to go down the dropdown route I'd recommend setting up a dashboard that has

  • a dropdown form input (e.g. populated by source="tem.log" sourcetype="Temp" | stats count by WorkName)
  • The visualization where you use the token from the form input to filter the visualization,

like so: 

source="tem.log" sourcetype="Temp" 
| where WorkName="$WorknameTokenFromFormInput$" 
| timechart avg(Duration) by WorkName
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...