Splunk Search

How to create single value chart based on user form inputs to display average response time, a previous time comparison, and a trending arrow?

namrithadeepak
Path Finder

I would like to create a chart that looks like the mockup in the screenshot.

EXPLANATION:
I provide 2 user inputs to the chart:
1. Timeframe (5 mins, 30 mins, 60 mins)
2. Compared to (yesterday, last week, last month)

I would like to display the following as a single value (chart):
1. Average response time for the timeframe selected - This input is given by the user via Timeframe
2. Average response time over the same timeframe yesterday/last week/ last month ago - This input is given by the user via 'Compared to'
3. An arrow which indicates whether the average response time has increased or decreased

For example:
The average response time in the last 60 mins: 550 seconds
Average response time over the same time one month ago: 200 seconds
The response time has increased from 200 seconds to 550 seconds. Hence display an upward arrow.


0 Karma
1 Solution

niketn
Legend

The behavior that you need is not how Single Value trending works. Single Value trend expects a timechart command to get the stats.
So the sparkline is drawn based on the time period selected. In other words, if you have to compare monthly stats, your time range should be at least more than a month.
Further, the trend indicator is set by default by Single Value based on the time range selected, or else it can be overridden by providing the Custom Compared To option as 1 Months.

If you want the output exactly the way you have described you might have to use HTML Panels. Or multiple Single Value Indicator and/or Trend Indicator to represent each of the above visualization.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
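
As an added example (not part of the original answer), one search that produces the three values the question asks for, so that separate Single Value panels or an HTML panel can each display one field. The index `web`, sourcetype `access_combined`, field `response_time`, and the form tokens `$timeframe$` (values such as `-5m`, `-30m`, `-60m`) and `$compare$` (values such as `-1d`, `-1w`, `-1mon`) are assumptions; replace them with your own.

```spl
index=web sourcetype=access_combined earliest=$timeframe$ latest=now
| stats avg(response_time) AS current_avg
| appendcols
    [ search index=web sourcetype=access_combined
        [ | makeresults
          | eval earliest=relative_time(relative_time(now(), "$timeframe$"), "$compare$")
          | eval latest=relative_time(now(), "$compare$")
          | return earliest latest ]
      | stats avg(response_time) AS previous_avg ]
| eval current_avg=round(current_avg, 2), previous_avg=round(previous_avg, 2)
| eval trend=case(isnull(current_avg) OR isnull(previous_avg), "n/a",
                  current_avg > previous_avg, "↑",
                  current_avg < previous_avg, "↓",
                  true(), "→")
| table current_avg previous_avg trend
```

The inner subsearch shifts the selected window back by the comparison offset and returns it as `earliest`/`latest`, so the second `stats` covers the same-length window yesterday, last week, or last month. The `n/a` branch covers the case where either window has no events.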
