Splunk Search

How to capture 3 dimensions in chart/table

lubson
New Member

Hello,
I have been struggling with this for a while. I would like to create dashboard for following use case: QA dashboard which shows latest tests result. I have events in this format:

name: testA
status:  fail 
build:  387 
timestamp:  2016-05-19T04:37:00+00:00

I am not sure what would be better solution whether chart or table. Here is the dashboard I would like to create:

Table solution
Dashboard could look like this:
alt text

However, here I do not know how to create columns dynamically (for instance last 20 builds). I know I could probably do workaround and rotate the table, so I would end up with one column for latest builds. But I am worry this would reduce dashboard readability (especially because I plan to have more tables like this in one dashboard).

Chart Solution
Chart would have x-axis is build number, y-axis is set of all tests and legend has test results. Example:
alt text

I created stacked chart using this:

earliest=-14d latest=now | chart count over testSuiteBuildNumber by name

I am not sure which tool (chart, table anything else) and arguments would be best to explore and learn in order to get the result I want.
Do you have any advice?

Thank you.

0 Karma

sundareshr
Legend

Take at look at the Splunk 6.x Dashboard Examples app. There is an example for Table Cell Highlighting. See if that might work for you.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...