Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to show single value in chart

allansneddon
Explorer
‎05-08-2017 01:41 AM

I currently have this query:

index="network_services" sourcetype="emails" spam_status=positive | timechart span=1d count | delta count as Delta | fillnull value=0 Delta | eval Total=count-Delta | eval percIncrDecr=(Delta/Total)*100 |

I would like my chart to show only the percIncrDecr, at the moment it shows count, delta, Total and percincrdecr. Is there a way to show only the one variable?

Cheers,

Allan

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎05-08-2017 03:01 AM

You have two options to achieve this.

1) Filter unwanted fields in SPL using fields command

 index="network_services" sourcetype="emails" spam_status=positive 
| timechart span=1d count 
| delta count as Delta 
| fillnull value=0 Delta 
| eval Total=count-Delta 
| eval percIncrDecr=(Delta/Total)*100 
| fields - count Delta Total

2) Using Chart Configuration charting.chart.fieldHideList

<option name="charting.chart.fieldHideList">["count","Delta","Total"]</option>

PS: Only advantage of the second would be that the field will be hidden fron display however, you can still code them for Chart Drilldown. If you don't need these fields at all then it is better to filter them through query in the first approach.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

Reply
Solved! Jump to solution
Solution

niketn
Legend
‎05-08-2017 03:01 AM

You have two options to achieve this.

1) Filter unwanted fields in SPL using fields command

 index="network_services" sourcetype="emails" spam_status=positive 
| timechart span=1d count 
| delta count as Delta 
| fillnull value=0 Delta 
| eval Total=count-Delta 
| eval percIncrDecr=(Delta/Total)*100 
| fields - count Delta Total

2) Using Chart Configuration charting.chart.fieldHideList

<option name="charting.chart.fieldHideList">["count","Delta","Total"]</option>

PS: Only advantage of the second would be that the field will be hidden fron display however, you can still code them for Chart Drilldown. If you don't need these fields at all then it is better to filter them through query in the first approach.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...