Splunk Search

How to create single value chart based on user form inputs to display average response time, a previous time comparison, and a trending arrow?

namrithadeepak
Path Finder

I would like to create a chart that looks like the mockup in the screenshot.

EXPLANATION:
I provide 2 user inputs to the chart:
1. Timeframe (5 mins, 30 mins, 60 mins)
2. Compared to (yesterday, last week, last month)

I would like to display the following as a single value (chart):
1. Average response time for the timeframe selected - This input is given by the user via Timeframe
2. Average response time over the same timeframe yesterday/last week/ last month ago - This input is given by the user via 'Compared to'
3. An arrow which indicates whether the average response time has increased or decreased

For example:
The average response time in the last 60 mins: 550 seconds
Average response time over the same time one month ago: 200 seconds
The response time has increased from 200 seconds to 550 seconds. Hence display an upward arrow.

alt text

0 Karma
1 Solution

niketn
Legend

The behavior that you need is not how Single Value trending works. Single Value trend expects a timechart command to get the stats.
So the sparkline is drawn based on time period selected. In other words, if you have to compare monthly stats your time range should be atleast more than a month.
Furhter trend indicator is set by default by Single Value based on time range selected, or else can be overridden by providing Custom Compared To option as 1 Months.

If you want the output exactly the way you have described you might have to use HTML Panels. Or multiple Single Value Indicator and/or Trend Indicator to represent each of the above visualization.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

niketn
Legend

The behavior that you need is not how Single Value trending works. Single Value trend expects a timechart command to get the stats.
So the sparkline is drawn based on time period selected. In other words, if you have to compare monthly stats your time range should be atleast more than a month.
Furhter trend indicator is set by default by Single Value based on time range selected, or else can be overridden by providing Custom Compared To option as 1 Months.

If you want the output exactly the way you have described you might have to use HTML Panels. Or multiple Single Value Indicator and/or Trend Indicator to represent each of the above visualization.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...