Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to set the Trend indicator to show the increase and decrease in count over the period.

aditsss
Motivator
‎09-14-2020 02:51 PM

Hi Everyone,

I have one dashboard which consists of several panels . Like LOGIN,TIMEOUT.

I want to display the Trend Indicator for the count values.

Suppose I select the date Range between 11th September to 13th September .

The Timeout count for11th september is 3694,12th sep is 1209 and 13th september is 2755.

I want to display the trend Indicator which will show the percentage increase/decrease of timeout count values.

I have already use <option name="trendDisplayMode">percent</option> . But not sure the percentage increase and decrease count is coming correct.

Can someone guide me do I need to add anything else to show Trend Indicator for comparison.

Below is my XML Code:

<panel>
<single>
<title>TIMEOUT</title>
<search>
<query>index="abc" sourcetype=xyz Timeout $Org$ | bin span=1d _time |stats count by _time</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
</search>
<option name="colorBy">value</option>
<option name="drilldown">all</option>
<option name="height">100</option>
<option name="numberPrecision">0</option>
<option name="rangeValues">[0,10,25,40]</option>
<option name="trendDisplayMode">percent</option>
<option name="unit"></option>
<option name="rangeColors">["0xFF0000","0xFF0000","0xFF0000","0xFF0000","0xFF0000"]</option>
<option name="useColors">1</option>
<drilldown>
<set token="show_panel">true</set>
<set token="selected_value">$click.value$</set>
</drilldown>
</single>
</panel>

Labels (1)
Labels
0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-15-2020 12:04 AM

you can not apply trend for more than two consecutive values.

you can show trend last two days or last two months or last 2 hours or last 2 years. not last 3 days , 3 hours or 3 years.

<dashboard>
  <label>Trend-example</label>
  <row>
    <panel>
      <single>
        <search>
          <query>index=_internal source="*splunkd.log" log_level="error" | timechart span=1d count</query>
          <earliest>-1d@d</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </single>
    </panel>
  </row>
</dashboard>
————————————
If this helps, give a like below.
0 Karma
Reply

aditsss
Motivator
‎09-14-2020 11:21 PM

Can someone guide me on this.

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...