Dashboards & Visualizations

Can you help me make a comparison dashboard?

sandeepmakkena
Contributor

Hello,

I am trying to build a dashboard with Total transactions, Total Successful transactions, Total Failed transactions and a time chart with span that shows successful and failed transactions. I would like to give users an option to pick day-to-day, week-to-week and month-to-month, and also the number of days, weeks or months they want to compare. Depending on the options they picked, my dashboard displays the relevant information.

Please help me figure out how to achieve this. Day-to-day will be 7 days, week-to-week will be 4 weeks and month-to-month will be 4 months.

You're welcome to say if there are better ways of achieving the same outcome.

Thank you.

0 Karma

niketn
Legend

@sandeepmakkena you should explore the `timewrap` command (Splunk 6.5 and above). However, depending on the variation in the time overlap, you can also check out the Splunk Blog to overlay two time series: https://www.splunk.com/blog/2012/02/19/compare-two-time-ranges-in-one-report.html

Be conscious of subsearch limitations, as data truncation may drop events.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

sandeepmakkena
Contributor

Thanks for the reply, but that does not answer a few more questions I have:

1. What is the best way to display a single value for each day? Like total transactions today, yesterday, the day before and so on.
2. I would like to give them an option to pick the span depending on the time range they picked. For example, if it's 24 hrs, the span options should be 15 min, 30 min or 1 hr; if the time range is more than 24 hrs, the span options should be like 1 hr, etc.

0 Karma

niketn
Legend

If you are showing time series data, one option would be to use the Single Value visualization with trending. However, if you just want to show the total count for a day or the previous day etc., you can use a Splunk post-processing search to perform a sum() of count for a particular day (result of the timechart command in the base search) and display it in a Single Value panel (or HTML panel).

For a post-processing search example and the Single Value visualization, please refer to the Splunk Dashboard Examples App.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
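
The two suggestions in the replies above (`timewrap`, and a post-process search feeding a Single Value panel), as an added Simple XML example that is not part of the original thread. The index name `app_tx`, the `status` field with values `success`/`failed`, and the search id `tx_base` are assumptions; it covers the day-to-day and week-to-week choices.

```xml
<form version="1.1">
  <label>Transaction comparison (added example)</label>
  <!-- Assumed, not from the thread: index=app_tx and a status field (success/failed) -->
  <init>
    <set token="span">1h</set>
    <set token="earliest">-7d@d</set>
  </init>
  <fieldset submitButton="false">
    <input type="dropdown" token="wrap" searchWhenChanged="true">
      <label>Compare</label>
      <choice value="1d">Day to day (7 days)</choice>
      <choice value="1w">Week to week (4 weeks)</choice>
      <default>1d</default>
      <change>
        <!-- The comparison choice drives both the bucket span and the time range -->
        <condition value="1d">
          <set token="span">1h</set>
          <set token="earliest">-7d@d</set>
        </condition>
        <condition value="1w">
          <set token="span">1d</set>
          <set token="earliest">-4w@w</set>
        </condition>
      </change>
    </input>
  </fieldset>
  <!-- Base search ends in timechart, so post-process searches work on its aggregated rows -->
  <search id="tx_base">
    <query>index=app_tx | timechart span=$span$ count(eval(status="success")) AS success count(eval(status="failed")) AS failed</query>
    <earliest>$earliest$</earliest>
    <latest>now</latest>
  </search>
  <row>
    <panel>
      <single>
        <title>Failed today</title>
        <!-- Post-process: sum the timechart buckets that fall in the current day -->
        <search base="tx_base">
          <query>where _time >= relative_time(now(), "@d") | stats sum(failed) AS failed</query>
        </search>
      </single>
      <chart>
        <title>Successful vs failed, wrapped by $wrap$</title>
        <search base="tx_base"><query>timewrap $wrap$</query></search>
        <option name="charting.chart">line</option>
      </chart>
    </panel>
  </row>
</form>
```

Further Single Value panels (total, successful, yesterday) can reuse `tx_base` the same way, so the events are only searched once per selection.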