Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to make the range values of gauges change dynamically based on the duration of the search in hours?

hettervik
Builder
‎12-02-2015 06:33 AM

Hi,

We're trying to create an interactive dashboard with gauges that dynamically change the range values depending on duration of the search in hours. We've used 10 as an upper limit for the green zone for a duration of one hour, which means that for e.g. 24 hours we want the upper limit for the green zone to be 240. The example search below shows how we imagine this could work, using the fictional hour(_time) command to count the hours of the duration of our search.

index=index1 eventtype=$field2$ status=404 | stats count as errorcount | stats count hour(_time) as hours | gauge errorcount 0 10*hours 20*hours

Obviously the search above doesn't work. Do any of you guys have a solution for this?

Thanks! Regards,
M&J

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎12-02-2015 06:59 AM

To get the value for hours, you could use ..| eval h=strftime(_time, "%-I") | eval high=trim(h)*20 and the set the value for the range in your dashboard, you can add the following to the simple xml

<option name="charting.chart.rangeValues">$field1$</option>

where $field1$ is a token that return the ranges like this [0,300,700,1000]

The other option is to look at the rangemap command

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎12-02-2015 06:59 AM

To get the value for hours, you could use ..| eval h=strftime(_time, "%-I") | eval high=trim(h)*20 and the set the value for the range in your dashboard, you can add the following to the simple xml

<option name="charting.chart.rangeValues">$field1$</option>

where $field1$ is a token that return the ranges like this [0,300,700,1000]

The other option is to look at the rangemap command

0 Karma
Reply
Solved! Jump to solution

hettervik
Builder
‎12-03-2015 12:25 AM

Thanks! Though, either I'm using your proposed search wrong, or this is not exactly what I'm looking for. I'm looking for a value that is obtained through something like hours=$latest$-$earliest$, if this makes sense?

I have a panel in a dashboard that gets its search range from a time picker on the dashboard. In this search I want to obtain/get the duration of the search range that is sat from the time picker on the dashboard.

0 Karma
Reply
Solved! Jump to solution

sundareshr
Legend
‎12-03-2015 12:33 AM

Try this

| addinfo | eval d= info_max_time - info_min_time | table info_max_time , info_min_time d

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Addinfo

Reply
Solved! Jump to solution

hettervik
Builder
‎12-03-2015 01:03 AM

That worked perfectly, thanks!

I noticed that the addinfo command add fields to all events in the search. Isn't this a bit resource demanding considering the information I want to extract? I'm not complaining though, this solution is fine by me.

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...