Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Dashboards & Visualizations
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: How do you make a single value panel with sp...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
UMDTERPS
Communicator
08-26-2020
12:20 PM
| inputlookup system_trending.csv
| search system = "bob"
|table date “System Score)
| fieldformat date = strftime(date, "%m/%d/%Y")
The above search creates the following statistics table for a selected system named “Bob”:
date Score
05/20/2020 10
06/20/2020 12
07/20/2020 10
08/20/2020 20
How do I make this into a single value panel with spark and trend line? If I just select the single value panel from the visualizations it just shows the date of “05/20/2020.” If I use "| timechart max(date)" I get 0 results.
Any ideas? 😀
Thanks!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
08-26-2020
01:35 PM
sample:
| makeresults
| eval _raw="date Score
05/20/2020 10
06/20/2020 12
07/20/2020 10
08/20/2020 20"
| multikv forceheader=1
| eval date=strptime(date,"%m/%d/%Y")
| table date Score
| rename date as _time
recommend:
| inputlookup system_trending.csv where system="bob"
| rename date as _time
| table _time Score
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
08-26-2020
01:35 PM
sample:
| makeresults
| eval _raw="date Score
05/20/2020 10
06/20/2020 12
07/20/2020 10
08/20/2020 20"
| multikv forceheader=1
| eval date=strptime(date,"%m/%d/%Y")
| table date Score
| rename date as _time
recommend:
| inputlookup system_trending.csv where system="bob"
| rename date as _time
| table _time Score
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
UMDTERPS
Communicator
08-26-2020
01:55 PM
That works! 👍 Didn't know it would be that easy! 😀
Is there a way to prevent the number from rounding?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
08-26-2020
02:02 PM
>Is there a way to prevent the number from rounding?
which number?
how about modifying "Format > Number Format > Precision"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
UMDTERPS
Communicator
08-26-2020
02:07 PM
Works! 😀
Get Updates on the Splunk Community!
Enterprise Security Content Update (ESCU) | New Releases
In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
(This is the first of a series of 2 blogs).
Splunk Enterprise Security is a fantastic tool that offers robust ...
Index This | What are the 12 Days of Splunk-mas?
December 2024 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with another ...
