How to get a dashboard single value visualisation ...

lmaclean · ‎11-22-2015

I have a dashboard on weekly bandwidth usage, and would like to get trending on the multiple reports that use the Single Value Visualisation to show if it was up/down from the previous week. However, not sure which command I should be using. One of my searches as an example is for avg. bandwidth per users:

... | stats sum(bandwidth_total) as Bandwidth by user
| stats avg(Bandwidth) as Bandwidth
| eval Bandwidth = tostring(Bandwidth,"commas")

Time range: Previous Week

I know the Enterprise Security app has an arrow for trending for real-time/historic data, but how do I do this in the normal search app?

MuS · ‎11-22-2015

Hi lmaclean,

download the dashboard example app https://splunkbase.splunk.com/app/1603/ and check out the dashboard /en-US/app/simple_xml_examples/simple_single or /en-US/app/simple_xml_examples/simple_single_color to see how this is done.

Hope this helps ...

cheers, MuS

MuS · ‎11-22-2015

The later one is only for Splunk 6.3 available, the former started at Splunk 6.0

How to get a dashboard single value visualisation to show how data is trending from the previous week?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation