Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I display ONLY the overlay Total on a visualization?

johnward4
Communicator
‎02-06-2018 01:59 PM

I'm trying to figure out how to display just the Total for an overlay instead of displaying the value of each stacked column in my visualization. (Better illustrated in my attached photo). I'm using a | addtotals in my query that counts the "Total" value of the data which I'm showing by Month.

alt text

Preview file
28 KB
0 Karma
Reply

mdsnmss
SplunkTrust
SplunkTrust
‎02-07-2018 05:20 AM

When you use | addtotals it creates a new Total field. You should be able to reduce values over which you visualize simply by limiting the fields in the search. Try adding | fields Month Total to the end of your search. You may have to adjust for fieldnames. If that doesn't work, could you post the search you are using so we can take a closer look?

0 Karma
Reply

FrankVl
Ultra Champion
‎02-07-2018 05:53 AM

If you just want to display the totals, you can simply drop the by-clause. I think he still wants to see the detailed stacked bars though, but wants to show the numeric values only for the totals overlay. @johnward4 correct me if I'm wrong on that.
I had a quick look at the available visualization settings but can't really find a way to do that. Only options seem to be not display any numbers, display only overall min/max and display all values.

0 Karma
Reply

johnward4
Communicator
‎02-06-2018 03:07 PM

@niketnilay I noticed your informative answer on a comparable question

https://answers.splunk.com/answers/586657/how-can-i-format-a-chart-to-show-values-cleanly-wi.html

Do you know if there's a way to just represent the Total value by Month above each of my stacked columns? using minmax showed the max Total based on my search window of the past 6 months.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...