
Can you help me make a comparison dashboard?

sandeepmakkena
Contributor

Hello,

I am trying to build a dashboard with Total transactions, Total Successful transactions, Total Failed transactions and a time chart with span that shows successful and failed transactions. I would like to give users an option to pick day-to-day, week-to-week and month-to-month, and also the number of days, weeks or months they want to compare. Depending on the options they picked, my dashboard displays the relevant information.

Please help me figure out how to achieve this. Day-to-day will be 7 days, week-to-week will be 4 weeks and month-to-month will be 4 months.

You're welcome to say so if there are better ways of achieving the same outcome.

Thank you.

0 Karma

niketn
Legend

@sandeepmakkena you should explore the timewrap command (Splunk 6.5 and above). However, depending on the variation in the time overlap, you can also check out the Splunk Blog to overlay two time series: https://www.splunk.com/blog/2012/02/19/compare-two-time-ranges-in-one-report.html

Be conscious of subsearch limitations, as data truncation may drop events.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

sandeepmakkena
Contributor

Thanks for the reply, but that does not answer a few more questions I have:
1. Best way to display a single value for each day? Like total transactions today, yesterday, the day before, and so on.
2. I would like to give them an option to pick the span depending on the time range they picked, e.g. if it's 24hrs, the span should display 15min or 30mins or 1hr. If the time range is more than 24hrs, span options should be like 1hr etc.

0 Karma

niketn
Legend

If you are showing time series data, one option would be to use the Single Value visualization with trending. However, if you just want to show the total count for a day or previous day etc., you can use a Splunk post-processing search to perform a sum() of count for a particular day (result of the timechart command in the base search) and display the same in a Single Value panel (or HTML panel).

For a post-processing search example and the Single Value visualization, please refer to the Splunk Dashboard Examples App.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
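
The two suggestions in this thread (timewrap, and a base search with post-process panels) combined in one Simple XML form, as an added example that is not part of any post above or of Splunk's own material. The index, sourcetype, `status` field and its values, the token names and the exact time windows are assumptions to adapt.

```xml
<form>
  <!-- Added example: YOUR_INDEX, YOUR_SOURCETYPE, the status field/values and token names are assumed placeholders -->
  <label>Transaction comparison</label>
  <search id="txn">
    <query>index=YOUR_INDEX sourcetype=YOUR_SOURCETYPE
| timechart span=$span$ count AS total count(eval(status="success")) AS successful count(eval(status="failed")) AS failed</query>
    <earliest>$earliest$</earliest>
    <latest>now</latest>
  </search>
  <fieldset submitButton="false">
    <input type="dropdown" token="mode" searchWhenChanged="true">
      <label>Compare</label>
      <choice value="day">Day to day (7 days)</choice>
      <choice value="week">Week to week (4 weeks)</choice>
      <choice value="month">Month to month (4 months)</choice>
      <default>day</default>
      <change>
        <condition value="day">
          <set token="earliest">-7d@d</set>
          <set token="span">1h</set>
          <set token="wrap">1day</set>
        </condition>
        <condition value="week">
          <set token="earliest">-4w@w</set>
          <set token="span">1d</set>
          <set token="wrap">1week</set>
        </condition>
        <condition value="month">
          <set token="earliest">-4mon@mon</set>
          <set token="span">1d</set>
          <set token="wrap">1month</set>
        </condition>
      </change>
    </input>
  </fieldset>
  <row>
    <panel><single><title>Total</title>
      <search base="txn"><query>stats sum(total) AS total</query></search></single></panel>
    <panel><single><title>Successful</title>
      <search base="txn"><query>stats sum(successful) AS successful</query></search></single></panel>
    <panel><single><title>Failed</title>
      <search base="txn"><query>stats sum(failed) AS failed</query></search></single></panel>
  </row>
  <row>
    <panel><chart><title>Successful vs failed, wrapped by period</title>
      <search base="txn"><query>fields _time successful failed | timewrap $wrap$</query></search>
      <option name="charting.chart">line</option></chart></panel>
  </row>
</form>
```

The base search runs once per selection and every panel post-processes its timechart output, so no subsearch is involved. Note that `timewrap` reads `m` as months while `timechart` reads it as minutes, which is why the wrap tokens spell out the unit.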