Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Chart overlay graphs not in sync

Norling80
Path Finder
‎05-26-2015 02:21 AM

Hey guys, does anyone of you know why this happens when on dashboard with chart overlay elements? I only experience it when I look at charts over 1 week of time.

alt text

Tags (2)
Preview file
29 KB
0 Karma
Reply

chimell
Motivator
‎05-27-2015 09:18 AM

Hi Norling80
Just copy and test this dashboard xml code 

<dashboard>
  <label>dashboard_name</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>index=main sourcetype="playerdata" | timechart span=1h dc(PlayerId) | appendcols [search index=main sourcetype="playerdata" ActionTaken=observe | timechart span=1h dc(PlayerId)]</query>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">true</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">area</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">all</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.chart.overlayFields">dc_with_all_ActionTaken</option>
        <option name="charting.axisTitleY.text">dc_with_one_ActionTaken</option>
      </chart>
    </panel>
  </row>
</dashboard>
0 Karma
Reply

intelsubham
Explorer
‎05-27-2015 04:27 AM

It is possible that when you are running the search for longer duration, values for some rows in one of the searches is null which is resulting in gap.
try to include fillnull at the end of both searches and run again.

index=main sourcetype="playerdata" | timechart span=1h dc(PlayerId) |fillnull value=0 | appendcols [search index=main sourcetype="playerdata" ActionTaken=observe | timechart span=1h dc(PlayerId)|fillnull value=0 ]

0 Karma
Reply

Norling80
Path Finder
‎06-01-2015 07:00 AM

I still have the same problem, at this point it seems to be a problem with the timestamp, I will look into it and update this thread.

0 Karma
Reply

MichaelPriest
Communicator
‎05-26-2015 03:15 AM

Have you got an example of the search or data?

0 Karma
Reply

Norling80
Path Finder
‎05-26-2015 11:21 PM

Here you go

index=main sourcetype="playerdata" | timechart span=1h dc(PlayerId) | appendcols [search index=main sourcetype="playerdata" ActionTaken=observe | timechart span=1h dc(PlayerId)]

0 Karma
Reply

Arun_N_007
Communicator
‎05-27-2015 12:37 AM

Hi,

Could you please have a look into the table which generated this graph?

Check whether the values are in sync??

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...