Splunk Search

How to create single value chart based on user form inputs to display average response time, a previous time comparison, and a trending arrow?

namrithadeepak
Path Finder

I would like to create a chart that looks like the mockup in the screenshot.

EXPLANATION:
I provide 2 user inputs to the chart:
1. Timeframe (5 mins, 30 mins, 60 mins)
2. Compared to (yesterday, last week, last month)

I would like to display the following as a single value (chart):
1. Average response time for the timeframe selected - This input is given by the user via Timeframe
2. Average response time over the same timeframe yesterday/last week/ last month ago - This input is given by the user via 'Compared to'
3. An arrow which indicates whether the average response time has increased or decreased

For example:
The average response time in the last 60 mins: 550 seconds
Average response time over the same time one month ago: 200 seconds
The response time has increased from 200 seconds to 550 seconds. Hence display an upward arrow.

alt text

0 Karma
1 Solution

niketn
Legend

The behavior that you need is not how Single Value trending works. Single Value trend expects a timechart command to get the stats.
So the sparkline is drawn based on time period selected. In other words, if you have to compare monthly stats your time range should be atleast more than a month.
Furhter trend indicator is set by default by Single Value based on time range selected, or else can be overridden by providing Custom Compared To option as 1 Months.

If you want the output exactly the way you have described you might have to use HTML Panels. Or multiple Single Value Indicator and/or Trend Indicator to represent each of the above visualization.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

niketn
Legend

The behavior that you need is not how Single Value trending works. Single Value trend expects a timechart command to get the stats.
So the sparkline is drawn based on time period selected. In other words, if you have to compare monthly stats your time range should be atleast more than a month.
Furhter trend indicator is set by default by Single Value based on time range selected, or else can be overridden by providing Custom Compared To option as 1 Months.

If you want the output exactly the way you have described you might have to use HTML Panels. Or multiple Single Value Indicator and/or Trend Indicator to represent each of the above visualization.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...