Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Multiple Data Sources for one panel in Dashboard Studio

darkins
Engager
‎10-03-2024 03:00 AM

 

Using dashboard studio i have my data source for one panel then a chained datasource for another panel. The first panel is a barchart of counts by day, the second is a moving average. Trying to overlay the moving average on top of the barchart. Have done this in classic using overlays, but in studio dont know how to reference the chained datasource results in the first panel. For example my bar chart visualization code looks like this. In overlay fields i tried to explicitly reference the data source name but doesnt seem to work.

i know both queries/data sources are working as my base search works and my chained search works when show in separate panels.

{
"type": "splunk.column",
"dataSources": {
"primary": "ds_C2wKdHsA"
},
"title": "Per Day Count",
"options": {
"y": "> primary | frameBySeriesNames('NULL','_span','_spandays')",
"legendTruncation": "ellipsisOff",
"legendDisplay": "off",
"xAxisTitleVisibility": "hide",
"xAxisLabelRotation": -45,
"yAxisTitleVisibility": "hide",
"overlayFields": "$chaineddatasource_ByDayMA:result.gpsreHaltedJobsMA$",
"axisY2.enabled": true,
"dataValuesDisplay": "all"
},
"showProgressBar": false,
"showLastUpdated": false,
"context": {}
}
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-04-2024 12:51 AM

Try something like this

| timechart span=1d count(B) by B
| addtotals fieldname=count
| streamstats time_window=30d avg(count) as A
| eval A=round(A,0)

View solution in original post

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-03-2024 03:38 AM

The overlay field has to be a field from the search, so you will have to combine the daily count and the moving average into a single data source.

0 Karma
Reply
Solved! Jump to solution

darkins
Engager
‎10-03-2024 05:13 PM

not sure i can do that

using a base query and then a chained query

panel a gives me MA line

| timechart count span=1d | streamstats time_window=30d avg(count) as A | eval A=round(A,0)

 

Panel B gives me count by day bar

| timechart span=1d count(B) by B

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-04-2024 12:51 AM

Try something like this

| timechart span=1d count(B) by B
| addtotals fieldname=count
| streamstats time_window=30d avg(count) as A
| eval A=round(A,0)
0 Karma
Reply
Solved! Jump to solution

darkins
Engager
‎10-04-2024 01:26 PM

WINNER WINNER!

Thank you very much!

 

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...