Dashboards & Visualizations

Cumulative count and adding the events to the results overtime

deepuhassan
Explorer

Hi

i have a requirement to create a dashboard to represent total events

i have created a panel in the dashboard which refreshes for every 5 mins.

I need to add the new results to the existing count and show it on screen

i tried using streamstats and dashboard seems freezing when it tries to refresh 

any help or advise is if great help

Thanks

Sandeep

Labels (1)
0 Karma

tscroggins
Influencer

In most cases, your search time range should accommodate this directly.

For example, to show today's current count on refresh, set the time range to earliest=@d latest=now in whichever way makes sense for your dashboard:

| tstats count where sourcetype=example earliest=@d latest=now

If your solution is more complex than that, please provide an example.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...