Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I display ONLY the overlay Total on a visualization?

johnward4
Communicator
‎02-06-2018 01:59 PM

I'm trying to figure out how to display just the Total for an overlay instead of displaying the value of each stacked column in my visualization. (Better illustrated in my attached photo). I'm using a | addtotals in my query that counts the "Total" value of the data which I'm showing by Month.

alt text

Preview file
1 KB
0 Karma
Reply

mdsnmss
SplunkTrust
SplunkTrust
‎02-07-2018 05:20 AM

When you use | addtotals it creates a new Total field. You should be able to reduce values over which you visualize simply by limiting the fields in the search. Try adding | fields Month Total to the end of your search. You may have to adjust for fieldnames. If that doesn't work, could you post the search you are using so we can take a closer look?

0 Karma
Reply

FrankVl
Ultra Champion
‎02-07-2018 05:53 AM

If you just want to display the totals, you can simply drop the by-clause. I think he still wants to see the detailed stacked bars though, but wants to show the numeric values only for the totals overlay. @johnward4 correct me if I'm wrong on that.
I had a quick look at the available visualization settings but can't really find a way to do that. Only options seem to be not display any numbers, display only overall min/max and display all values.

0 Karma
Reply

johnward4
Communicator
‎02-06-2018 03:07 PM

@niketnilay I noticed your informative answer on a comparable question

https://answers.splunk.com/answers/586657/how-can-i-format-a-chart-to-show-values-cleanly-wi.html

Do you know if there's a way to just represent the Total value by Month above each of my stacked columns? using minmax showed the max Total based on my search window of the past 6 months.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...