How can I generate a Trend Indicator (arrow) in a Single Value visualization for this query from Meta Woot?

psohn5295
Loves-to-Learn

So I have a search that queries hosts that are reporting their syslogs via the Meta Woot! application for Splunk. As of now the search is only a Single Value; however, I would like to add a trend indicator using 'timechart' for the previous 24 hours.

Here is the search string.

inputlookup meta_woot  where index=* sourcetype=syslog | stats dc(host) as "Hosts"

How can I incorporate 'timechart' to add the uptick/downtick, trend indicator?

0 Karma

isoutamo
SplunkTrust
Just switch stats to timechart on your query.
R. Ismo
0 Karma

psohn5295
Loves-to-Learn

Thanks for the quick reply.

I just tried using the following to receive "no results found".

inputlookup meta_woot  where index=* sourcetype=syslog | timechart span=1d count by host

 I must be missing something.

0 Karma

isoutamo
SplunkTrust
Just use timechart span=1d dc(host), as you have in your examples. If you use count by host, you will get the result as a multivalue table, which does not work with the single value visualization.
0 Karma

psohn5295
Loves-to-Learn

That didn't seem to work for me 😞

Still receiving "No results found".

Any other suggestions?

Thanks for the help/input, it's very much appreciated.

0 Karma