Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Column Chart
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pkeller
Contributor
01-31-2017
11:08 AM
My search produces output containing 5 license pool names, their configured pool size, and the volume that was indexed at the time of the rollover.
My search:
eventtype=evt-rollover-summary earliest=-1d latest=@d
| stats latest(poolsz) as "PoolSize" sum(b) as "PoolUsage" by pool
| rename pool AS "Pool Name"
| eval "Pool Size (Gb)" = round(PoolSize/1024/1024,0)
| eval "Pool Usage (Gb)" = round(PoolUsage/1024/1024,0)
| fields - PoolSize, PoolUsage
I'd like the column chart to just produce a 'dot' above the "Pool Usage (Gb)" column containing the "Pool Size (Gb)" field, but all I can seem to produce is a solid line for the overlay with nothing marking the line where the Pool Size Value is met.
Not sure what I need to choose in the Overlay section to highlight the associated Pool Size value above the Pool Usage for a given Pool.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
01-31-2017
11:36 AM
After you';ve selected the chart overlay, add following to line to your dashboard xml of the chart.
<option name="charting.chart.showMarkers">true</option>
Like this:
....
<chart>
<search>
<query>eventtype=evt-rollover-summary earliest=-1d latest=@d
| stats latest(poolsz) as "PoolSize" sum(b) as "PoolUsage" by pool
| rename pool AS "Pool Name"
| eval "Pool Size (Gb)" = round(PoolSize/1024/1024,0)
| eval "Pool Usage (Gb)" = round(PoolUsage/1024/1024,0)
| fields - PoolSize, PoolUsage
</query>
....
..
</search>
.....
<option name="charting.chart.showMarkers">true</option>
......
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
01-31-2017
11:36 AM
After you';ve selected the chart overlay, add following to line to your dashboard xml of the chart.
<option name="charting.chart.showMarkers">true</option>
Like this:
....
<chart>
<search>
<query>eventtype=evt-rollover-summary earliest=-1d latest=@d
| stats latest(poolsz) as "PoolSize" sum(b) as "PoolUsage" by pool
| rename pool AS "Pool Name"
| eval "Pool Size (Gb)" = round(PoolSize/1024/1024,0)
| eval "Pool Usage (Gb)" = round(PoolUsage/1024/1024,0)
| fields - PoolSize, PoolUsage
</query>
....
..
</search>
.....
<option name="charting.chart.showMarkers">true</option>
......
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pkeller
Contributor
01-31-2017
12:12 PM
Thank you. Works perfectly.
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
