How to make the chart legend static?

gcescatto · ‎04-20-2018

Hey Splunk experts,

Please see if you can help me on this:
I created a choroplet map chart and it is receiving the following 3 values: 1, 3 and 5 (1 means a sad face | 3 means an OK face | 5 means a happy face).

Chart is working fine, but the legend keeps changing it's interval every new data received. Is it possible to keep the legend static?
As:

1 - 2.5: (sad face)
2.6 - 3.5: (OK face)
3.6 - 5: (happy face)

Is it possible?

woodcock · ‎04-22-2018

How are you implementing this mapping? In SPL or XML? It would help to show us the full simpleXML for a dashboard that has just this 1 panel.

gcescatto · ‎04-23-2018

Hey @woodcock!

It's in SPL:

index=msahc sourcetype=msahc_raw  | rex "(?<json_field>{[^}]+})" | mvexpand json_field | spath input=json_field | search "ERnE Dashboard" OR "HowUFeeling Survey" OR "TBO Dashboard" group="*" country="*" | eval ServerName=upper(ServerName) | rename mood as "Mood", comment as "Comment", country as "Country" | stats avg(Mood) by Country | geom geo_countries featureIdField="Country" | rename avg(Mood) as "Mood Average"

The XML for the dashboard is:

<dashboard>
  <label>Team Happiness</label>
  <fieldset submitButton="false" autoRun="true">
    <input type="time" searchWhenChanged="true" token="myTime">
      <label>SELECT THE TIME RANGE:</label>
      <default>
        <earliest>-30d@d</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="dropdown" searchWhenChanged="true" token="myLocation">
      <label>SELECT YOUR LOCATION:</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>country</fieldForLabel>
      <fieldForValue>country</fieldForValue>
      <search>
        <query>index=msahc sourcetype=msahc_raw | rex "(?&lt;json_field&gt;{[^}]+})" | mvexpand json_field | spath input=json_field | dedup country | fields country | sort country</query>
      </search>
    </input>
    <input type="dropdown" searchWhenChanged="true" token="myTeam">
      <label>SELECT YOUR TEAM:</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>group</fieldForLabel>
      <fieldForValue>group</fieldForValue>
      <search>
        <query>index=msahc sourcetype=msahc_raw | rex "(?&lt;json_field&gt;{[^}]+})" | mvexpand json_field | spath input=json_field | search country=$myLocation|s$ | dedup group | fields group | sort group</query>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <map>
        <search>
          <query>index=msahc sourcetype=msahc_raw  | rex "(?&lt;json_field&gt;{[^}]+})" | mvexpand json_field | spath input=json_field | search "ERnE Dashboard" OR "HowUFeeling Survey" OR "TBO Dashboard" group="*" country="*" | eval ServerName=upper(ServerName) | rename mood as "Mood", comment as "Comment", country as "Country" | stats avg(Mood) by Country | geom geo_countries featureIdField="Country" | rename avg(Mood) as "Mood Average"</query>
          <earliest>$myTime.earliest$</earliest>
          <latest>$myTime.latest$</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="mapping.type">choropleth</option>
      </map>
    </panel>
  </row>
</dashboard>

How to make the chart legend static?

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials