- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- How to make the range values of gauges change dyna...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
We're trying to create an interactive dashboard with gauges that dynamically change the range values depending on duration of the search in hours. We've used 10 as an upper limit for the green zone for a duration of one hour, which means that for e.g. 24 hours we want the upper limit for the green zone to be 240. The example search below shows how we imagine this could work, using the fictional hour(_time) command to count the hours of the duration of our search.
index=index1 eventtype=$field2$ status=404 | stats count as errorcount | stats count hour(_time) as hours | gauge errorcount 0 10*hours 20*hours
Obviously the search above doesn't work. Do any of you guys have a solution for this?
Thanks! Regards,
M&J
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To get the value for hours, you could use ..| eval h=strftime(_time, "%-I") | eval high=trim(h)*20 and the set the value for the range in your dashboard, you can add the following to the simple xml
<option name="charting.chart.rangeValues">$field1$</option>
where $field1$ is a token that return the ranges like this [0,300,700,1000]
The other option is to look at the rangemap command
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To get the value for hours, you could use ..| eval h=strftime(_time, "%-I") | eval high=trim(h)*20 and the set the value for the range in your dashboard, you can add the following to the simple xml
<option name="charting.chart.rangeValues">$field1$</option>
where $field1$ is a token that return the ranges like this [0,300,700,1000]
The other option is to look at the rangemap command
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks! Though, either I'm using your proposed search wrong, or this is not exactly what I'm looking for. I'm looking for a value that is obtained through something like hours=$latest$-$earliest$, if this makes sense?
I have a panel in a dashboard that gets its search range from a time picker on the dashboard. In this search I want to obtain/get the duration of the search range that is sat from the time picker on the dashboard.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this
| addinfo | eval d= info_max_time - info_min_time | table info_max_time , info_min_time d
http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Addinfo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That worked perfectly, thanks!
I noticed that the addinfo command add fields to all events in the search. Isn't this a bit resource demanding considering the information I want to extract? I'm not complaining though, this solution is fine by me.
Index This | Divide 100 by half. What do you get?
Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!
Splunk and Fraud
