Splunk Search

How to use single value comparison with trend arrow in splunk?

sanjubaba
Path Finder

I am preparing a SNOW incident trend which should showcase the percentage of tickets reduced/increased in current month as compare to the previous month along with the current opened tickets value. But when I compared it with the help of timechart command and span it is giving me current value as 0. Ideally it should show me the value of total opened tickets. Since it is taking current days data it is showing as 0. How I make sure that it should the data for all opened incidents?

Labels (2)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @sanjubaba ,

in general to use the trend arrow in a Single Value Panel, you need to have from your search two results, the first to use as the current value and the second as the previous one.

To better understand how to do this, I hint to install the Splunk Dashboard Examples App (https://splunkbase.splunk.com/app/1603/). in which you can find an example of this.

You can do this using a timechart command or a stats command.

If you could share your search I could be more detailed.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...