Dashboards & Visualizations

How can I generate a Trend Indicator (arrow) in a Single Value visualization for this query from Meta Woot?

psohn5295
Loves-to-Learn

So I have a search that queries hosts that are reporting their syslogs via the Meta Hoot! application for Splunk. As of now the search is only a Single Value, however, I would like to add a trend indicator using 'timechart' for the previous 24 hours.

Here is the search string.

inputlookup meta_woot  where index=* sourcetype=syslog | stats dc(host) as "Hosts"

How can I incorporate 'timechart' to add the uptick/downtick, trend indicator?

Labels (3)
0 Karma

soutamo
SplunkTrust
SplunkTrust
Just switch stats to timechart on your query.
R. Ismo
0 Karma

psohn5295
Loves-to-Learn

Thanks for the quick reply.

I just tried using the following to receive "no results found".

inputlookup meta_woot  where index=* sourcetype=syslog | timechart span=1d count by host

 I must be missing something.

0 Karma

soutamo
SplunkTrust
SplunkTrust
Just timechart spam=1d dc(host) as you have in your examples. If you are using count by host then you will get result as multivalue table which is not working with single value visualization.
0 Karma

psohn5295
Loves-to-Learn

That didn't seem to work for me 😞

Still receiving "No results found".

Any other suggestions?

Thanks for the help/input, it's very much appreciated.

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!