Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Multiple Data Sources for one panel in Dashboard Studio

darkins
Engager
a month ago

 

Using dashboard studio i have my data source for one panel then a chained datasource for another panel. The first panel is a barchart of counts by day, the second is a moving average. Trying to overlay the moving average on top of the barchart. Have done this in classic using overlays, but in studio dont know how to reference the chained datasource results in the first panel. For example my bar chart visualization code looks like this. In overlay fields i tried to explicitly reference the data source name but doesnt seem to work.

i know both queries/data sources are working as my base search works and my chained search works when show in separate panels.

{
"type": "splunk.column",
"dataSources": {
"primary": "ds_C2wKdHsA"
},
"title": "Per Day Count",
"options": {
"y": "> primary | frameBySeriesNames('NULL','_span','_spandays')",
"legendTruncation": "ellipsisOff",
"legendDisplay": "off",
"xAxisTitleVisibility": "hide",
"xAxisLabelRotation": -45,
"yAxisTitleVisibility": "hide",
"overlayFields": "$chaineddatasource_ByDayMA:result.gpsreHaltedJobsMA$",
"axisY2.enabled": true,
"dataValuesDisplay": "all"
},
"showProgressBar": false,
"showLastUpdated": false,
"context": {}
}
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
a month ago

Try something like this

| timechart span=1d count(B) by B
| addtotals fieldname=count
| streamstats time_window=30d avg(count) as A
| eval A=round(A,0)

View solution in original post

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
a month ago

The overlay field has to be a field from the search, so you will have to combine the daily count and the moving average into a single data source.

0 Karma
Reply
Solved! Jump to solution

darkins
Engager
a month ago

not sure i can do that

using a base query and then a chained query

panel a gives me MA line

| timechart count span=1d | streamstats time_window=30d avg(count) as A | eval A=round(A,0)

 

Panel B gives me count by day bar

| timechart span=1d count(B) by B

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
a month ago

Try something like this

| timechart span=1d count(B) by B
| addtotals fieldname=count
| streamstats time_window=30d avg(count) as A
| eval A=round(A,0)
0 Karma
Reply
Solved! Jump to solution

darkins
Engager
a month ago

WINNER WINNER!

Thank you very much!

 

0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...