Splunk Search

How to use single value comparison with trend arrow in splunk?

sanjubaba
Path Finder

I am preparing a SNOW incident trend which should showcase the percentage of tickets reduced/increased in current month as compare to the previous month along with the current opened tickets value. But when I compared it with the help of timechart command and span it is giving me current value as 0. Ideally it should show me the value of total opened tickets. Since it is taking current days data it is showing as 0. How I make sure that it should the data for all opened incidents?

Labels (2)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @sanjubaba ,

in general to use the trend arrow in a Single Value Panel, you need to have from your search two results, the first to use as the current value and the second as the previous one.

To better understand how to do this, I hint to install the Splunk Dashboard Examples App (https://splunkbase.splunk.com/app/1603/). in which you can find an example of this.

You can do this using a timechart command or a stats command.

If you could share your search I could be more detailed.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...