Is it possible to display a name or number on top ...

nilotpaldutta · ‎08-26-2015

Hi Everyone,

Is it possible to display a name or number on top of a chart overlay?

I have a search that displays the data in a bar chart.
My sample search:

index ="my_index_1" sourcetype="type_1" | rename Col_1 as Ticket_Number | rename Col_2 as ticket_created_date | table Ticket_Number, ticket_created_date | join Ticket_Number [search index ="my_index_2" sourcetype ="type_2" | rename Col_1 as Ticket_Number | rename Col_2 as Classification | table Ticket_Number, Classification | eval Classification=lower(Classification) | eval Classification=upper(substr(Classification,1,1)).lower(substr(Classification,2)) | replace "Sev-4" with "(4) Sev-4", "Sev-3" with "(3) Sev-3", "Sev-2" with "(2) Sev-2", "Sev-1" with "(1) Sev-1"] | table Ticket_Number, ticket_created_date, Classification | eval Month=strftime(strptime(ticket_created_date,"%d/%m/%Y %H:%M"),"%Y/%m") | chart count over Month by Classification | eval Threshold_2014=round(10880) | eval Threshold_2015=round(5440)

My output currently looks like that in Fig-1.png

Is there a way to put a number right on top of the two different thresholds at the end? So that the final output looks something like Fig-2.png?

Thanks in advance.

masonmorales · ‎08-26-2015

Not without doing a bunch of custom web development. Have you considered just changing the names that will appear in the legend? I know it's not ideal, but it might be a quick workaround.

 eval 10880_Threshold_2014=round(10880) | eval 5440_Threshold_2015=round(5440)

Is it possible to display a name or number on top of a chart overlay?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor