Splunk Search

How to create a dynamic table based on one search result?

outofheapspace
Explorer

Hello,

I'm building a line graph with a field with "UsedSpaceGB" from the year 2009 until now so I can see the growth of data. That's working fine.

Now additionally, I want to build a second line. This second line should be the line of the forecast from 2009 until 2019 with a factor.
So the final graph will show the real growth and the growth estimated in 2009.

The factor is given. I can put it into a variable (eval command). The first year is given by a search result.

Now my problem is how to create the search. I think I need to build a dynamic Table with a "loop":
Take the year 2009... add 1 Year ... do that 10 times... put it to a table... fill in the estimated time for each year based on the factor and the value from past year...

I have no idea how to do that.
Later, I want to make it more dynamic... changing the factor, changing beginning year and end year.
I want to do that with onboard tools.

Anybody out there with a hint for me?

Many thanks,
sven

0 Karma

outofheapspace
Explorer

Hi,

I think trendline and timewrap are not what I need.
Also I don't want to use 3rd party.

What I did now (and solved a part of the problem):

Created some small txt-Files manually with my historical data (timestamp, and used storage).
So I'm able to get a table with the row (line from 2001 until 2014) and a second row with for each year.

With the EVAL (for converting) and DELTA command I created a new row to calculate my growth.
Also with some more EVAL and STATS I created a row to compare my growth with the market forecast (storage doubling every 2 years).

After that I placed an input field on the panel, so I can set a static value for forecast-year.
So I have all values I need to calculate the growth from 2014 to e.g. 2018 or 2020, etc.

The table (and graph) goes now from year 2001 until 2014 and then the next and last row is year 2018.
So I have the right result now.

But it would be fine to see the years between 2014 and 2018 too.
I found no way to create them "dynamically" (like a for loop).

I didn't use TIMECHART, because my historical data _time has not the right stamp in SPLUNK.
I only worked with ... | CHART values(used) by mytime | ...

I created the txt files, because I started SPLUNK in this environment after 2014.

thx,
sven

0 Karma
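
An added example, not part of any post in this thread: one way to produce the missing in-between years with onboard commands is to build the list of years with mvrange (its end value is exclusive) and turn that list into one row per year with mvexpand. The years 2014 and 2018, the field name mytime and the doubling every 2 years come from the post above; base_gb=1000 and the other field names are constructed for illustration, and the search assumes a Splunk version that includes makeresults.

```spl
| makeresults
| eval start_year=2014, end_year=2018, base_gb=1000, doubling_years=2
| eval mytime=mvrange(start_year + 1, end_year + 1)
| mvexpand mytime
| eval forecast=round(base_gb * pow(2, (mytime - start_year) / doubling_years), 1)
| table mytime forecast
```

This returns one row for each of 2015 through 2018, with forecast reaching four times base_gb in 2018. Changing start_year, end_year or doubling_years (for example from dashboard input tokens) changes the number of generated rows without editing the rest of the search.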

woodcock
Esteemed Legend

I am not sure I get what you are trying to do but I am pretty sure that you will be able to make good use of the timewrap app to do it:

https://splunkbase.splunk.com/app/1645/

0 Karma

senthilgoa
Engager

Why you go for trendline

your search | stats count by source Time | trendline sma2(count) as trend

http://docs.splunk.com/Documentation/Splunk/6.2.4/SearchReference/Trendline

0 Karma