Is it possible to see the past readings of a singl...

badrinath · ‎05-13-2022

HI all,

can we see the past readings of a single value graph over a time range?

like if at this moment the single value graph shows a value of 40 then after 10sec it becomes 50 and then 30 can we see all these points in a timechart or some other visualization.

or is it possible to import that specific value in single value chart continuously using something like token and append it to some other graph?

badrinath · ‎05-13-2022

I need a search for last 10min and be able to view the results over a day or an hour

gcusello · ‎05-13-2022

Hi @badrinath,

sorry but I don't understand your need: what do you mean when you say "I need a search for last 10min and be able to view the results over a day or an hour"?

do you want to display the results of specified ten minutes,
the last ten minutes
the last 24 hours with a span of 10 minutes

?

as I sayd the optimus solution for you is to use a Real Time Search but it takes one CPU and release it only when you close the dashboard, this means that you you have 10 people that use this dashboard you block you system!

about panel refresh, you could try something like this:

<row>
    <panel>
      <table>
        <search>
          <query>
            index=*
            | timechart count by country span=10m
          </query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <refresh>10m</refresh>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>

I hope to understand you need.

Ciao.

Giuseppe

badrinath · ‎05-13-2022

thankyou for the solution

and as per the question you asked the search should be for last 10min data and the result should be appended to a graph and I should be able to see the graph like for the last 30min or 1hr

gcusello · ‎05-13-2022

Hi @badrinath,

if this answer solves your need, please accept the solution for the other people of Community, otherwise tell me how to help you.

See next time.

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

gcusello · ‎05-13-2022

Hi @badrinath,

to display the result you described, you should create a new panel using a search similar to the one for the Single Value and a different visualization, e.g. an histogram of a line graph.

If you share your search I could help you in this job.

Ciao.

Giuseppe

badrinath · ‎05-13-2022

index=* earliest=-10m
| stats count by country

as this is real time search it is generating count of different countries and I need to visualize those counts over a period of time

but as soon as I get a new data it should count all the values from past 10min and should append the values to graph and time should not be in buckets of 10 min like from 2:00 to 2:10 it should be dynamic the last 10min from current data

gcusello · ‎05-13-2022

Hi @badrinath,

you could usethe followinh search in a line graph panel:

index=* earliest=-10m
| timechart count by country

about the requirement of having alwayn new data, you could use a Real Time search, but it's expensive for your infrastructure because it takes a CPU and never release.

If your search isn't so slow, you could setup an automatic refresh of your panel every 10 minutes.

<refresh>10m</refresh>

in your search section.

Ciao.

Giuseppe

badrinath · ‎05-13-2022

but this filters out last 10min data and displays it

but its not working in real time.

and how to use the refresh command ?

Is it possible to see the past readings of a single value graph over a time range?

table

timechart

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!