Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Multiple Data Sources for one panel in Dashboard Studio

darkins
Engager
‎10-03-2024 03:00 AM

 

Using dashboard studio i have my data source for one panel then a chained datasource for another panel. The first panel is a barchart of counts by day, the second is a moving average. Trying to overlay the moving average on top of the barchart. Have done this in classic using overlays, but in studio dont know how to reference the chained datasource results in the first panel. For example my bar chart visualization code looks like this. In overlay fields i tried to explicitly reference the data source name but doesnt seem to work.

i know both queries/data sources are working as my base search works and my chained search works when show in separate panels.

{
"type": "splunk.column",
"dataSources": {
"primary": "ds_C2wKdHsA"
},
"title": "Per Day Count",
"options": {
"y": "> primary | frameBySeriesNames('NULL','_span','_spandays')",
"legendTruncation": "ellipsisOff",
"legendDisplay": "off",
"xAxisTitleVisibility": "hide",
"xAxisLabelRotation": -45,
"yAxisTitleVisibility": "hide",
"overlayFields": "$chaineddatasource_ByDayMA:result.gpsreHaltedJobsMA$",
"axisY2.enabled": true,
"dataValuesDisplay": "all"
},
"showProgressBar": false,
"showLastUpdated": false,
"context": {}
}
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-04-2024 12:51 AM

Try something like this

| timechart span=1d count(B) by B
| addtotals fieldname=count
| streamstats time_window=30d avg(count) as A
| eval A=round(A,0)

View solution in original post

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-03-2024 03:38 AM

The overlay field has to be a field from the search, so you will have to combine the daily count and the moving average into a single data source.

0 Karma
Reply
Solved! Jump to solution

darkins
Engager
‎10-03-2024 05:13 PM

not sure i can do that

using a base query and then a chained query

panel a gives me MA line

| timechart count span=1d | streamstats time_window=30d avg(count) as A | eval A=round(A,0)

 

Panel B gives me count by day bar

| timechart span=1d count(B) by B

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-04-2024 12:51 AM

Try something like this

| timechart span=1d count(B) by B
| addtotals fieldname=count
| streamstats time_window=30d avg(count) as A
| eval A=round(A,0)
0 Karma
Reply
Solved! Jump to solution

darkins
Engager
‎10-04-2024 01:26 PM

WINNER WINNER!

Thank you very much!

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...