I've searched and searched on this and it's time to just ask the question.
I want to create a simple transaction count bar overlayed with the average duration line. I can do this when hard setting the transaction name.
However, when I try to generate an overlay using a dropdown of transaction names there is no overlay. I feel like I'm just not passing a correctly formatted token to charting.chart.overlayFields option.
I've tried,
- <option name="charting.chart.overlayFields">"avg(duration):" $ID$</option>
- <option name="charting.chart.overlayFields">$ID$</option>
- <option name="charting.chart.overlayFields">avg(duration): $ID$</option>
- and probably dozens more as I'm throwing darts.
Any ideas here?
It does work
See this example row/panel that creates some pseudo data and simulates what you're trying to do
<row>
<panel>
<input type="dropdown" token="func_option">
<label>Func</label>
<choice value="Func1">Func1</choice>
<choice value="Func2">Func2</choice>
<choice value="Func3">Func3</choice>
</input>
<chart>
<search>
<query>| makeresults count=1000
| eval _time=_time-random() % 3600
| eval Func=mvindex(split("Func1,Func2,Func3",","), random() % 3)
| eval duration=random() % 1000000 / 1000
| timechart fixedrange=t count avg(duration) by Func
| fields _time avg*$func_option$ count*</query>
<earliest>-60m@m</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">1</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">column</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.overlayFields">"avg(duration): $func_option$"</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">right</option>
<option name="charting.lineWidth">2</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</chart>
</panel>
</row>I can choose the Func dropdown and it will make that particular Func as the chart overlay using the token
Hi @mdunnavant ,
I noticed you were working on passing a token to chart overlay. I'm encountering a similar issue where I'm trying to pass a token value to overlay options for line chart representation over a column chart. If you've managed to achieve this, could you please share how you made it overlay with a token value? Your insights would be greatly appreciated.
My Chart and My SPL query:
SPL:
index=development sourcetype=rwa_custom_function user_action=swmfs_test ds_file=*
| eval ds_file_path=ds_path."\\".ds_file
| chart avg(ms_per_block) as avg_processing_time_per_block over ds_file_path by machine
| appendcols
[search index=development sourcetype=rwa_custom_function user_action=swmfs_test ds_file=*
| eval ds_file_path=ds_path."\\".ds_file
| stats max(block_count) as total_blocks by ds_file_path]
I need to assign the overlay field value from the line in SPL:
| chart avg(ms_per_block) as avg_processing_time_per_block over ds_file_path by machine
The reason I'm attempting to assign it as a token is that the avg_processing_time_per_block has dynamic values (sometimes it may be 10 or 12).instead of rwmini and rwws01.
Thanks In advance,
