Re: Chart visualization

ChhayaV · ‎09-12-2013

hi,

this is my query

index=tm_idx host="server" sourcetype="TM_Test_10"  
| rex field=msg "(?i)TM1\sserver\sload\stime\s\(secs\)\s\=\s(?P<timetakentostart>\w+)" 
| where timetakentostart!="" 
| timechart sum(timetakentostart) by timetakentostart

In above chart i want to show 16:2 means count is 2 .can anyone please suggest me how can i do it ?

Thanks and Regards

ShaneNewman · ‎10-22-2013

Why not create a table below to summarize this information? Just use the base search in a search module, then use PostProcess/HiddenPostProcess for the chart and table.

ChhayaV · ‎09-18-2013

hi i need to show sum

somesoni2 · ‎09-17-2013

You can change the sum to count in timechart command. This way it will show 16:2 in tooltip but the graph will also be adjusted to show just the count on y-axis.

cramasta · ‎09-12-2013

Not sure if this can be done but you can read up on the tool tip properties here which *might allow you to do it. However if it is possible you will need to use advanced xml for your dashboard in order for it to render using flashchart instead of jschart as the doc's state jschart is not supported with the tool tip properties..

http://docs.splunk.com/Documentation/Splunk/5.0.4/Viz/CustomChartingConfig-Tooltip

Chart visualization

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

Join the Conversation