Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Multiple Data Sources for one panel in Dashboard Studio

darkins
Engager
‎10-03-2024 03:00 AM

 

Using dashboard studio i have my data source for one panel then a chained datasource for another panel. The first panel is a barchart of counts by day, the second is a moving average. Trying to overlay the moving average on top of the barchart. Have done this in classic using overlays, but in studio dont know how to reference the chained datasource results in the first panel. For example my bar chart visualization code looks like this. In overlay fields i tried to explicitly reference the data source name but doesnt seem to work.

i know both queries/data sources are working as my base search works and my chained search works when show in separate panels.

{
"type": "splunk.column",
"dataSources": {
"primary": "ds_C2wKdHsA"
},
"title": "Per Day Count",
"options": {
"y": "> primary | frameBySeriesNames('NULL','_span','_spandays')",
"legendTruncation": "ellipsisOff",
"legendDisplay": "off",
"xAxisTitleVisibility": "hide",
"xAxisLabelRotation": -45,
"yAxisTitleVisibility": "hide",
"overlayFields": "$chaineddatasource_ByDayMA:result.gpsreHaltedJobsMA$",
"axisY2.enabled": true,
"dataValuesDisplay": "all"
},
"showProgressBar": false,
"showLastUpdated": false,
"context": {}
}
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-04-2024 12:51 AM

Try something like this

| timechart span=1d count(B) by B
| addtotals fieldname=count
| streamstats time_window=30d avg(count) as A
| eval A=round(A,0)

View solution in original post

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-03-2024 03:38 AM

The overlay field has to be a field from the search, so you will have to combine the daily count and the moving average into a single data source.

0 Karma
Reply
Solved! Jump to solution

darkins
Engager
‎10-03-2024 05:13 PM

not sure i can do that

using a base query and then a chained query

panel a gives me MA line

| timechart count span=1d | streamstats time_window=30d avg(count) as A | eval A=round(A,0)

 

Panel B gives me count by day bar

| timechart span=1d count(B) by B

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-04-2024 12:51 AM

Try something like this

| timechart span=1d count(B) by B
| addtotals fieldname=count
| streamstats time_window=30d avg(count) as A
| eval A=round(A,0)
0 Karma
Reply
Solved! Jump to solution

darkins
Engager
‎10-04-2024 01:26 PM

WINNER WINNER!

Thank you very much!

 

0 Karma
Reply
Get Updates on the Splunk Community!

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...