1 Solution
@pavanml, you can use image sharing site like imgur and upload using image button.
In case you need multiple series values to be highlighted you can try out one of the following two options:
1) Series Compare option added in Splunk Entperise 7 (Refer to Splunk 7.0 Overview App on Splunkbase)
2) Use of Horizon Chart Custom Visualization from Splunkbase with multiple lanes and bands and single hover line
Following is the run anywhere dashboard code :
PS: 1st panel required Splunk Enterprise 7 and 2nd panel requires Horizon Chart Custom Visualization
<dashboard>
<label>Mutiple Series Tooltip</label>
<row>
<panel>
<title>Option 1 : Splunk 7 Multiple Series Compare</title>
<chart>
<search>
<query>index="_internal" sourcetype="splunkd" log_level!="INFO" earliest="-1d@d" latest="-0d@d"
| timechart span=1h count by log_level</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">1</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.overlayFields">WARN</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">seriesCompare</option>
<option name="charting.legend.placement">right</option>
<option name="charting.lineWidth">2</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Option 2 : Horizon Chart Custom Visualization</title>
<viz type="horizon_chart_app.horizon_chart">
<search>
<query>index="_internal" sourcetype="splunkd" log_level!="INFO" earliest="-1d@d" latest="-0d@d"
| timechart span=1h count by log_level</query>
<earliest>-60m@m</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="horizon_chart_app.horizon_chart.negativeColor">#d93f3c</option>
<option name="horizon_chart_app.horizon_chart.numBands">9</option>
<option name="horizon_chart_app.horizon_chart.positiveColor">#6db7c6</option>
<option name="horizon_chart_app.horizon_chart.relative">false</option>
<option name="horizon_chart_app.horizon_chart.showChangeInPercent">false</option>
<option name="horizon_chart_app.horizon_chart.smoothen">false</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<option name="height">200</option>
</viz>
</panel>
</row>
</dashboard>
@pavanml, you can use image sharing site like imgur and upload using image button.
In case you need multiple series values to be highlighted you can try out one of the following two options:
1) Series Compare option added in Splunk Entperise 7 (Refer to Splunk 7.0 Overview App on Splunkbase)
2) Use of Horizon Chart Custom Visualization from Splunkbase with multiple lanes and bands and single hover line
Following is the run anywhere dashboard code :
PS: 1st panel required Splunk Enterprise 7 and 2nd panel requires Horizon Chart Custom Visualization
<dashboard>
<label>Mutiple Series Tooltip</label>
<row>
<panel>
<title>Option 1 : Splunk 7 Multiple Series Compare</title>
<chart>
<search>
<query>index="_internal" sourcetype="splunkd" log_level!="INFO" earliest="-1d@d" latest="-0d@d"
| timechart span=1h count by log_level</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">1</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.overlayFields">WARN</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">seriesCompare</option>
<option name="charting.legend.placement">right</option>
<option name="charting.lineWidth">2</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Option 2 : Horizon Chart Custom Visualization</title>
<viz type="horizon_chart_app.horizon_chart">
<search>
<query>index="_internal" sourcetype="splunkd" log_level!="INFO" earliest="-1d@d" latest="-0d@d"
| timechart span=1h count by log_level</query>
<earliest>-60m@m</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="horizon_chart_app.horizon_chart.negativeColor">#d93f3c</option>
<option name="horizon_chart_app.horizon_chart.numBands">9</option>
<option name="horizon_chart_app.horizon_chart.positiveColor">#6db7c6</option>
<option name="horizon_chart_app.horizon_chart.relative">false</option>
<option name="horizon_chart_app.horizon_chart.showChangeInPercent">false</option>
<option name="horizon_chart_app.horizon_chart.smoothen">false</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<option name="height">200</option>
</viz>
</panel>
</row>
</dashboard>
