Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is the heatmap overlay failing?

hylam
Contributor
‎11-11-2015 03:34 AM

What wrong with the "and col=9"?

heatmap overlay failed

| gentimes start="1/1/2000" end="1/2/2000" increment=1s | head 400 | streamstats current=f count | eval row=floor(count/20) | eval col=count%20 | eval value=0 | eval value=value+if(row=9 and col=9, random()%200, 0) | table col row value | eval row="row"+substr("0"+row, -2, 2) | eval col="col"+substr("0"+col, -2, 2) | chart limit=20 sum(value) by row col | fields - row

heatmap overlay succeeded

| gentimes start="1/1/2000" end="1/2/2000" increment=1s | head 400 | streamstats current=f count | eval row=floor(count/20) | eval col=count%20 | eval value=0 | eval value=value+if(row=9, random()%200, 0) | table col row value | eval row="row"+substr("0"+row, -2, 2) | eval col="col"+substr("0"+col, -2, 2) | chart limit=20 sum(value) by row col | fields - row

alt text

Preview file
39 KB
0 Karma
Reply

jluo_splunk
Splunk Employee
Splunk Employee
‎11-13-2015 11:18 AM

You'll need to capitalize AND to use it as a boolean. Otherwise, it is assumed that you are using it as a search term.

0 Karma
Reply

hylam
Contributor
‎11-13-2015 05:38 PM

row=9 and col=9
row=9 AND col=9

Both uppercase and lowercase logical AND successfully constrained the output to a single cell. Heatmap overlay failed in both cases. Have you copy & pasted the 2 searches and tried?

0 Karma
Reply

jluo_splunk
Splunk Employee
Splunk Employee
‎11-16-2015 02:55 PM

Odd. I had thought it worked with uppercase AND but it turns out I was on high/low instead of heatmap overlay. Looks like a bug.

0 Karma
Reply
Get Updates on the Splunk Community!

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

What's New in Splunk Observability - October 2025

What’s New?    We’re excited to announce the latest enhancements to Splunk Observability Cloud and share ...