Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Chart visualization

ChhayaV
Communicator
‎09-12-2013 12:47 AM

hi,

this is my query 

index=tm_idx host="server" sourcetype="TM_Test_10"  
| rex field=msg "(?i)TM1\sserver\sload\stime\s\(secs\)\s\=\s(?P<timetakentostart>\w+)" 
| where timetakentostart!="" 
| timechart sum(timetakentostart) by timetakentostart

alt text

In above chart i want to show 16:2 means count is 2 .can anyone please suggest me how can i do it ?

Thanks and Regards

0 Karma
Reply

ShaneNewman
Motivator
‎10-22-2013 06:17 AM

Why not create a table below to summarize this information? Just use the base search in a search module, then use PostProcess/HiddenPostProcess for the chart and table.

0 Karma
Reply

ChhayaV
Communicator
‎09-18-2013 02:17 AM

hi i need to show sum

0 Karma
Reply

somesoni2
Revered Legend
‎09-17-2013 09:49 AM

You can change the sum to count in timechart command. This way it will show 16:2 in tooltip but the graph will also be adjusted to show just the count on y-axis.

0 Karma
Reply

cramasta
Builder
‎09-12-2013 02:03 PM

Not sure if this can be done but you can read up on the tool tip properties here which *might allow you to do it. However if it is possible you will need to use advanced xml for your dashboard in order for it to render using flashchart instead of jschart as the doc's state jschart is not supported with the tool tip properties..

http://docs.splunk.com/Documentation/Splunk/5.0.4/Viz/CustomChartingConfig-Tooltip

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...