How to chart with multiple values on legend

Dherom · ‎09-03-2019

I want to have different values in the legend of a column and that the yaxis is a specific value of this legend.

sourcetype="securitycenter" asset=AMER_MS_SRV OR asset=EMEA_MS_SRV OR asset=APAC_MS_SRV 
|  rex field=asset "(?.*)_MS_SRV|"
|chart  eval(round(latest(crit),0)) as C by name |eval pos = case(name=="AMER","1",name=="EMEA","2",name=="APAC","3",name==name,"4") | sort pos| eval target=1 | table name, C, target

In this image I want to add Totips:totalvalue to legend and y-axis are "C".

Dherom · ‎09-05-2019

I want add another value field 'totips' (on same char) and shown multiple values on same bar and this bar evaluated with 'C' field

thanks you for you answer

Dherom · ‎09-10-2019

i want other value to highligh linked.
Example

name:AMER
C:19
totips:890

but dont shown this bar(totips) in this panel. I did trellis values but i dont order by name, order by xaxys value(totips) and i want this.

tscroggins · ‎09-10-2019

I don't think you can do this in a column chart. The tooltip HTML is created from a single series using the point value (X,Y) under the mouse pointer.

Are you open to custom solutions, or are you restricted to pure SimpleXML?

tscroggins · ‎09-03-2019

Can you clarify your question? "Totips" isn't a field in your search. If you want to display e.g. "Totips: 19" in place of "C: 19" in the tooltip, then simply replace C with Totips in your search:

How to chart with multiple values on legend

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes