Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Display TV guide style UI in dashboard

prashantku
New Member
‎03-08-2020 11:44 AM

I am new to Splunk and I need to display my data in typical TV guide format.

X axis is list of channels
Y axis is timeline with scroll bar to go left and right of the current time.
Each row of the line is a variable length rectangles that show the program.

What is the best way to achieve this in splunk dashboard?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

anmolpatel
Builder
‎03-08-2020 07:13 PM

1) Install the Event Timeline Viz
https://splunkbase.splunk.com/app/4370/

2) Here is a sample query. After execution, go to Visualisation, and select Event Timeline Viz. You will see the result displayed like a TV guide.

| makeresults 
| eval raw = "Channel1%Show1%6:00:00 PM%7:00:00 PM;Channel1%Show2%7:00:00 PM%8:00:00 PM;Channel1%Show3%8:00:00 PM%9:00:00 PM;Channel2%ShowA%5:00:00 PM%6:00:00 PM;Channel2%ShowB%6:00:00 PM%6:30:00 PM;Channel2%ShowC%6:30:00 PM%8:00:00 PM;Channel3%ShowA%7:00:00 PM%8:00:00 PM;Channel3%ShowB%8:00:00 PM%8:30:00 PM;Channel3%ShowC%8:30:00 PM%9:00:00 PM" 
| makemv raw delim=";" 
| mvexpand raw 
| rex field=raw "(?P<Channel>[^\%]+)%(?P<Show>[^\%]+)%(?P<Start_Time>[^\%]+)%(?P<Finish_Time>[^\%]+)"
| eval time_1 = strptime(Start_Time, "%H:%M:%S %p")
| eval time_2 = strptime(Finish_Time, "%H:%M:%S %p")
| eval duration = time_2 - time_1
| eval group = Channel, label = Show, start = time_1, end = time_2, tooltip = Show
| table group, label, start, end, tooltip

alt text

View solution in original post

Preview file
1 KB
0 Karma
Reply
Solved! Jump to solution
Solution

anmolpatel
Builder
‎03-08-2020 07:13 PM

1) Install the Event Timeline Viz
https://splunkbase.splunk.com/app/4370/

2) Here is a sample query. After execution, go to Visualisation, and select Event Timeline Viz. You will see the result displayed like a TV guide.

| makeresults 
| eval raw = "Channel1%Show1%6:00:00 PM%7:00:00 PM;Channel1%Show2%7:00:00 PM%8:00:00 PM;Channel1%Show3%8:00:00 PM%9:00:00 PM;Channel2%ShowA%5:00:00 PM%6:00:00 PM;Channel2%ShowB%6:00:00 PM%6:30:00 PM;Channel2%ShowC%6:30:00 PM%8:00:00 PM;Channel3%ShowA%7:00:00 PM%8:00:00 PM;Channel3%ShowB%8:00:00 PM%8:30:00 PM;Channel3%ShowC%8:30:00 PM%9:00:00 PM" 
| makemv raw delim=";" 
| mvexpand raw 
| rex field=raw "(?P<Channel>[^\%]+)%(?P<Show>[^\%]+)%(?P<Start_Time>[^\%]+)%(?P<Finish_Time>[^\%]+)"
| eval time_1 = strptime(Start_Time, "%H:%M:%S %p")
| eval time_2 = strptime(Finish_Time, "%H:%M:%S %p")
| eval duration = time_2 - time_1
| eval group = Channel, label = Show, start = time_1, end = time_2, tooltip = Show
| table group, label, start, end, tooltip

alt text

Preview file
1 KB
0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎03-08-2020 10:53 PM

@prashantku you can try out Timeline Custom Visualization built by Splunk.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎03-08-2020 01:44 PM

timechart will give you a timeline on the x axis and data on the y axis. The transpose command will swap those. Perhaps that will get you going in the right direction. If not, please elaborate on what you want and include some sample data.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...