Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to pass aggregate function from drop down to time series chart

kirrusk
Communicator
‎10-23-2021 06:27 AM

Hi,

 

I'm trying to pass the aggregate function from the dropdown menu in the Splunk dashboard to the time-series chart.

for example from dropdown, I want to pass 

actual,
Avg(),
max()

to below search 

index = _internal sourcetype = * |  search field=* Exhost=*  | chart max(value) by _time,Exhost

 

 

 

Labels (5)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-23-2021 09:15 AM

Just create a dropdown with a token name, let's say, "argfunc". Then in your search do

index = _internal sourcetype = * |  search field=* Exhost=*  | chart $argfunc$(value) by _time,Exhost

 As simple as that.

Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top