Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it possible to see the past readings of a single value graph over a time range?

badrinath
Path Finder
‎05-13-2022 05:24 AM

HI all,

can we see the past readings of a single value graph over a time range?

like if at this moment the single value graph shows a value of 40 then after 10sec it becomes 50 and then 30 can we see all these points in a timechart or some other visualization.

or is it possible to import that specific value in single value chart continuously using something like token and append it to some other graph?

Labels (2)
Labels
0 Karma
Reply

badrinath
Path Finder
‎05-13-2022 05:51 AM

I need a search for last 10min and be able to view the results over a day or an hour

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-13-2022 08:26 AM

Hi @badrinath,

sorry but I don't understand your need: what do you mean when you say "I need a search for last 10min and be able to view the results over a day or an hour"?

  • do you want to display the results of specified ten minutes,
  • the last ten minutes
  • the last 24 hours with a span of 10 minutes

?

as I sayd the optimus solution for you is to use a Real Time Search but it takes one CPU and release it only when you close the dashboard, this means that you you have 10 people that use this dashboard you block you system!

about panel refresh, you could try something like this:

<row>
    <panel>
      <table>
        <search>
          <query>
            index=*
            | timechart count by country span=10m
          </query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <refresh>10m</refresh>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>

 I hope to understand you need.

Ciao.

Giuseppe

0 Karma
Reply

badrinath
Path Finder
‎05-13-2022 09:01 AM

thankyou for the solution 

and as per the question you asked the search should be for last 10min data and the result should be appended to a graph and I should be able to see the graph like for the last 30min or 1hr 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-13-2022 09:42 PM

Hi @badrinath,

if this answer solves your need, please accept the solution for the other people of Community, otherwise tell me how to help you.

See next time.

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-13-2022 05:27 AM

Hi @badrinath,

to display the result you described, you should create a new panel using a search similar to the one for the Single Value and a different visualization, e.g. an histogram of a line graph.

If you share your search I could help you in this job.

Ciao.

Giuseppe

0 Karma
Reply

badrinath
Path Finder
‎05-13-2022 05:50 AM

index=* earliest=-10m
| stats count by country

as this is real time search it is generating count of different countries and I need to visualize those counts over a period of time

but as soon as I get a  new data it should count all the values from past 10min and should append the values to graph and time should not be in buckets of 10 min like from 2:00 to 2:10 it should be dynamic the last 10min from current data 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-13-2022 07:31 AM

Hi @badrinath,

you could usethe followinh search in a line graph panel:

index=* earliest=-10m
| timechart count by country

about the requirement of having alwayn new data, you could use a Real Time search, but it's expensive for your infrastructure because it takes a CPU and never release.

If your search isn't so slow, you could setup an automatic refresh of your panel every 10 minutes.

<refresh>10m</refresh>

in your search section.

Ciao.

Giuseppe

0 Karma
Reply

badrinath
Path Finder
‎05-13-2022 08:06 AM

but this filters out last 10min data and displays it  

but its not working in real time.

and how to use the refresh command ?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...