Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to edit my search to prevent my sparkline from displaying as a flat line with zeros for values?

briang67
Communicator
‎06-17-2016 02:06 PM

Hello,

I have the following search:

sourcetype=some_data | stats values(msg_type) first(_time) as start by id_field project_field interface_field | evals and lookups etc...

I would like to add a sparkline to count the individual occurrences of the project_field, however, the below results in a sparkline with a flat line with zeros for values:

sourcetype=some_data | stats values(msg_type) first(_time) as start by id_field project_field interface_field | evals and lookups etc... | stats sparkline count by project_field

When I try to add a sparkline to the beginning of the search, I'm seeing an error because the project_field is one of the grouped by fields.

Any ideas?

thanks!

Tags (3)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎06-19-2016 02:05 PM

A sparkline is inherently timestamp-based, yet the data you send into the sparkline has no _time field.
Think about what value you want as timestamp for the sparkline... might be the start field, might be something else... and put that into a field called _time.

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...