Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to create single value chart based on user form inputs to display average response time, a previous time comparison, and a trending arrow?

namrithadeepak
Path Finder
‎11-16-2016 12:37 PM

I would like to create a chart that looks like the mockup in the screenshot.

EXPLANATION:
I provide 2 user inputs to the chart:
1. Timeframe (5 mins, 30 mins, 60 mins)
2. Compared to (yesterday, last week, last month)

I would like to display the following as a single value (chart):
1. Average response time for the timeframe selected - This input is given by the user via Timeframe
2. Average response time over the same timeframe yesterday/last week/ last month ago - This input is given by the user via 'Compared to'
3. An arrow which indicates whether the average response time has increased or decreased

For example:
The average response time in the last 60 mins: 550 seconds
Average response time over the same time one month ago: 200 seconds
The response time has increased from 200 seconds to 550 seconds. Hence display an upward arrow.

alt text

Preview file
37 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎11-16-2016 02:08 PM

The behavior that you need is not how Single Value trending works. Single Value trend expects a timechart command to get the stats.
So the sparkline is drawn based on time period selected. In other words, if you have to compare monthly stats your time range should be atleast more than a month.
Furhter trend indicator is set by default by Single Value based on time range selected, or else can be overridden by providing Custom Compared To option as 1 Months.

If you want the output exactly the way you have described you might have to use HTML Panels. Or multiple Single Value Indicator and/or Trend Indicator to represent each of the above visualization.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

Reply
Solved! Jump to solution
Solution

niketn
Legend
‎11-16-2016 02:08 PM

The behavior that you need is not how Single Value trending works. Single Value trend expects a timechart command to get the stats.
So the sparkline is drawn based on time period selected. In other words, if you have to compare monthly stats your time range should be atleast more than a month.
Furhter trend indicator is set by default by Single Value based on time range selected, or else can be overridden by providing Custom Compared To option as 1 Months.

If you want the output exactly the way you have described you might have to use HTML Panels. Or multiple Single Value Indicator and/or Trend Indicator to represent each of the above visualization.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...