Dashboards & Visualizations

How to Display Trend Indicator for Single Values and Displaying the Average

aditsss
Motivator

Hi All,

I have one requirement .

Below is my query :

index="abc" sourcetype="xyz" id="*-develop--system" (OrgFolderName ="gcp") bugs="*" | table bugs _time| sort _time

bugs               | _time
1110                     2021-01-11 13:11:04
2301                       2021-01-12 13:12:52
4556                      2021-01-13 13:09:32
1009                       2021-01-14 13:10:31
3214                    2021-01-15 13:11:12
5005                       2021-01-16 13:09:23
3009                         2021-01-17 13:09:58

My requirement is I want to display the the data in single value format with trend Indicator.
Suppose I select yesterday so it should show 3009 as the value.

Now suppose I select last 7 days so it should show the average of bugs in single value and trend Indicator for first value and last value.

Can someone guide me what changes I need to make in my query.

Labels (3)
0 Karma

scelikok
SplunkTrust
SplunkTrust

Hi @aditsss,

Single value visualization cannot show trend based on a field other than the displayed one. If you want to show average value, trend will be shown based on this value. It is not possible to show average while calculating the trend based on first and last values.

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma

aditsss
Motivator
Can someone please guide me on this.
0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...