Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

help on trend indicator

jip31
Motivator
‎09-20-2021 09:29 AM

hi

 

I use the code below in order to display a single panel value count on the last 7 days

index=mesures sourcetype=sign  
| fields sig_id
| stats dc(sig_id)

Now, I need to change it by a trend indicator in order to  have the single panel count but also in order to have the trend for the week before the last 7 days

So you can see the code in my xml file, but I have "0" displayed in my count and obviously "0" for my trend

    <panel>
      <single>
        <search>
          <query>`index=mesures sourcetype=sign
| fields sig_id
| timechart dc(sig_id)</query>
          <earliest>-7d@d</earliest>
          <latest>now</latest>
        </search>
        <option name="colorBy">trend</option>
        <option name="colorMode">none</option>
        <option name="drilldown">none</option>
        <option name="height">200</option>
        <option name="numberPrecision">0</option>
        <option name="rangeColors">["0x53a051","0xf8be34","0xf1813f","0xdc4e41"]</option>
        <option name="rangeValues">[0,5,10]</option>
        <option name="refresh.display">progressbar</option>
        <option name="showSparkline">1</option>
        <option name="showTrendIndicator">1</option>
        <option name="trendColorInterpretation">standard</option>
        <option name="trendInterval">-7d</option>
        <option name="underLabel">Compared to last week</option>
        <option name="useColors">1</option>
      </single>
    </panel>

So what is wrong please?

 

 

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ashvinpandey
Contributor
‎09-20-2021 09:46 AM

@jip31 Try using below search string:

index=mesures sourcetype=sign  
| timechart span=7d dc(sig_id)

you can change the timespan as per your need.

Also, If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ashvinpandey
Contributor
‎09-20-2021 09:46 AM

@jip31 Try using below search string:

index=mesures sourcetype=sign  
| timechart span=7d dc(sig_id)

you can change the timespan as per your need.

Also, If this reply helps you, an upvote would be appreciated.

0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎09-20-2021 10:40 AM

hi

thanks

I understand better why I thought my count was wrong

its a misunderstanding

as my time range is on the "last 7 days", I thought that my count will be on the "last 7 days" I can see that the count correspond to the count of the current day and the trend indicator is just the difference between the current day count and the count on the last 7 days

so I wonder if its possible to have a count on the last 7 days and a trend indicator which is the difference between this count and the count corresponding to the whole time range (30 days for example)?

because there is a logical that I dont understand. What is the interest to display a trend that compare the count done on the current day with a count done on the last7 days?

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...