Chart visualization

ChhayaV · ‎09-12-2013

hi,

this is my query

index=tm_idx host="server" sourcetype="TM_Test_10"  
| rex field=msg "(?i)TM1\sserver\sload\stime\s\(secs\)\s\=\s(?P<timetakentostart>\w+)" 
| where timetakentostart!="" 
| timechart sum(timetakentostart) by timetakentostart

In above chart i want to show 16:2 means count is 2 .can anyone please suggest me how can i do it ?

Thanks and Regards

ShaneNewman · ‎10-22-2013

Why not create a table below to summarize this information? Just use the base search in a search module, then use PostProcess/HiddenPostProcess for the chart and table.

ChhayaV · ‎09-18-2013

hi i need to show sum

somesoni2 · ‎09-17-2013

You can change the sum to count in timechart command. This way it will show 16:2 in tooltip but the graph will also be adjusted to show just the count on y-axis.

cramasta · ‎09-12-2013

Not sure if this can be done but you can read up on the tool tip properties here which *might allow you to do it. However if it is possible you will need to use advanced xml for your dashboard in order for it to render using flashchart instead of jschart as the doc's state jschart is not supported with the tool tip properties..

http://docs.splunk.com/Documentation/Splunk/5.0.4/Viz/CustomChartingConfig-Tooltip

Chart visualization

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life