Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to append string to timechart data labels?

dzyfer
Path Finder
‎05-23-2022 01:05 AM

Hi, I have a column timechart with numerical values, and I would like to add strings, or characters, after these values, when displayed on the dashboard.

Capture.PNG

I have tried to append the string to the results themselves, but it seems like timechart is unable to populate non-numerical data.

Any help or alternative ideas on how I can achieve the above results visually? Thanks.

 

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎05-23-2022 11:20 PM

Hi @dzyfer,

you should use eval before timechart and use the by in timechart, something like this:

| eval date=strftime(_time,"%H:%M")
| eval shift = case(date="07:00","A", date="15:00","B", date="23:00","C")
| timechart span=8h aligntime=@d+7h sum(meter) AS "output" BY shift

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

dzyfer
Path Finder
‎05-23-2022 06:12 PM

Hi Giuseppe, thank you for the reply. 

My search is roughly along these lines

...
| timechart span=8h aligntime=@d+7h sum(meter) AS "output" 
| eval date=strftime(_time,"%H:%M")
| eval shift = case(date="07:00","A", date="15:00","B", date="23:00","C")
| eval "output" = 'output' + " " + shift

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎05-23-2022 11:20 PM

Hi @dzyfer,

you should use eval before timechart and use the by in timechart, something like this:

| eval date=strftime(_time,"%H:%M")
| eval shift = case(date="07:00","A", date="15:00","B", date="23:00","C")
| timechart span=8h aligntime=@d+7h sum(meter) AS "output" BY shift

Ciao.

Giuseppe

Reply
Solved! Jump to solution

dzyfer
Path Finder
‎05-24-2022 02:31 AM

Hi @gcusello , I made some edits to your suggestion, and have come up with satisfiable results, thank you.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-23-2022 02:13 AM

Hi @dzyfer,

could you share your search and what's the field containing the values "A", "B", "C", etc...?

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...