Trendline on column chart

ncbshiva
Communicator

Hi, I want to combine two searches; they are as below.

search 1:
source="------" X_STATUS="Ended" ID_map!=" "
| table ID_map,OBJID,X_COMMITTED_START_DATE,X_COMMITTED_END_DATE
| eval j2=X_COMMITTED_END_DATE
| eval j1=X_COMMITTED_START_DATE
| eval d1=strptime(j1,"%d-%b-%y")
| eval d2=strptime(j2,"%d-%b-%y")
| eval diff = (d2-d1)/86400
| rename OBJID as CONTRACTID
| rename ID_map as TASK_NUMBER
| join TASK_NUMBER [search source="CLASSIC_TASK_NAMES1.csv"]
| table TASK_GROUP,CONTRACTID,diff,FILED_ENGG_NAME
| stats sum(diff) as Total,count(CONTRACTID) as Number by FILED_ENGG_NAME
| eval Average=round(Total/Number,2)
| rename FILED_ENGG_NAME as "FIELD ENGG NAME"
| rename Average as "Average Time Taken per Order"
| table "FIELD ENGG NAME","Average Time Taken per Order"

This displays, in a column chart, the average time taken by each field engineer to complete the order.

search 2:
source="------" X_STATUS="Ended" ID_map!=" "
| table ID_map,OBJID,X_COMMITTED_START_DATE,X_COMMITTED_END_DATE
| eval j2=X_COMMITTED_END_DATE
| eval j1=X_COMMITTED_START_DATE
| eval d1=strptime(j1,"%d-%b-%y")
| eval d2=strptime(j2,"%d-%b-%y")
| eval diff = (d2-d1)/86400
| rename OBJID as CONTRACTID
| rename ID_map as TASK_NUMBER
| join TASK_NUMBER [search source="CLASSIC_TASK_NAMES1.csv"]
| table TASK_GROUP,CONTRACTID,diff,FILED_ENGG_NAME
| stats sum(diff) as Total,count(CONTRACTID) as no by FILED_ENGG_NAME
| eval avgEngi=(Total/no)
| stats sum(avgEngi) as avg,count(FILED_ENGG_NAME) as cnt by FILED_ENGG_NAME
| eval ThresholdClosedTime=round(avg/cnt,2)
| table FILED_ENGG_NAME,ThresholdClosedTime
| chart avg(ThresholdClosedTime) by FILED_ENGG_NAME
| trendline ema2(avg(ThresholdClosedTime))

This gives the trend of the threshold closed time.

I want to combine the two searches and display the results in one chart, with search 1 being the column chart and search 2 being the trendline on the column chart.

Please help me with the modules and parameters to get this, and also let me know whether the queries are correct.

1 Solution

ncbshiva
Communicator






1
*
False



1
splunk.search.job
warn
True


Trendline Trail1
Engineer Performance: Avg time taken per order against comparative performance threshold

Trendline Trail1

charting.data2
charting.data0
charting.data1
charting.data1.columns
charting.chart1.data
charting.layout.axisTitles
charting.layout.charts
charting.axisTitleY.text
charting.chart2.markerSize
charting.chart1.columnAlignment
charting.data0.jobID
charting.chart2
charting.chart1
charting.chart1.stackMode
charting.chart2.data
charting.data2.columns
charting.data2.table
charting.axisTitleX.text
charting.data1.table
charting.chart2.showMarkers
charting.chart1.nullValueMode
displayRowNumbers
count


True


True
False

[0x5479AF,0xbf3030]

view
[@chart1,@chart2]
results
view
[0,1]
Engineer
@data0
5
@data2
line
stacked
column
true
0.5
Average Time Taken in Days
@data1
gaps
[@axisTitleX,@axisTitleY]
@data0
[0,2]
@data.jobID

100%



flashtimeline




flashtimeline
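
One way to get both series from a single search, as an added example that is not part of the original posts. In search 2 the second stats groups by FILED_ENGG_NAME again, so each engineer has exactly one row (cnt is 1) and ThresholdClosedTime equals search 1's per-engineer Average; the trend can therefore be computed directly on Average. Trend is a field name chosen here, and the sort is added because trendline is computed in row order.

```spl
source="------" X_STATUS="Ended" ID_map!=" "
| eval d1=strptime(X_COMMITTED_START_DATE,"%d-%b-%y")
| eval d2=strptime(X_COMMITTED_END_DATE,"%d-%b-%y")
| eval diff=(d2-d1)/86400
| rename OBJID as CONTRACTID
| rename ID_map as TASK_NUMBER
| join TASK_NUMBER [search source="CLASSIC_TASK_NAMES1.csv"]
| stats sum(diff) as Total, count(CONTRACTID) as Number by FILED_ENGG_NAME
| eval Average=round(Total/Number,2)
| sort 0 FILED_ENGG_NAME
| trendline ema2(Average) as Trend
| table FILED_ENGG_NAME, Average, Trend
```

The result has the engineer name in column 0, Average in column 1 and Trend in column 2, which matches the [0,1] and [0,2] column selections listed in the solution's chart parameters.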






