Archive

How do I add sparkline to the search result for generating a report?

Explorer

I need to add a sparkline to the search result so that I can create a visualization of which index is reporting a spike in usage. My serach result is as follows:

earliest=-2d@d latest=-1d@d index=_internal group="per_index_thruput" | eval rmb = round(kb/1024, 2) | eval rgb = round(rmb/1024, 2) | eval mb = kb/1024 | eval gb = round(kb/1024/1024, 2) | stats sum(gb) AS "Total GB" by series | addcoltotals

Tags (1)
0 Karma

SplunkTrust
SplunkTrust

It's a charting command, you could place it inline with your other stats command. What stat did you want to show in the sparkline?

earliest=-2d@d latest=-1d@d index=_internal group="per_index_thruput" | eval rmb = round(kb/1024, 2) | eval rgb = round(rmb/1024, 2) | eval mb = kb/1024 | eval gb = round(kb/1024/1024, 2) | stats sparkline sum(gb), sum(gb) AS "Total GB" by series | addcoltotals

http://docs.splunk.com/Documentation/Splunk/5.0/Search/Addsparklinestosearchresults

0 Karma